
Untitled

By: a guest on Jan 23rd, 2014  |  syntax: None  |  size: 210.35 KB  |  views: 44  |  expires: Never
  1. OTL logfile created on: 2014.01.23 19:27:24 - Run 1
  2. OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Rugilė\Desktop
  3. 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
  4. Internet Explorer (Version = 9.11.9600.16428)
  5. Locale: 00000427 | Country: Lithuania | Language: LTH | Date Format: yyyy.MM.dd
  6.  
  7. 3,90 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 49,46% Memory free
  8. 7,81 Gb Paging File | 5,64 Gb Available in Paging File | 72,21% Paging File free
  9. Paging file location(s): ?:\pagefile.sys [binary data]
  10.  
  11. %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
  12. Drive C: | 445,65 Gb Total Space | 370,07 Gb Free Space | 83,04% Space Free | Partition Type: NTFS
  13. Drive D: | 19,81 Gb Total Space | 2,15 Gb Free Space | 10,84% Space Free | Partition Type: NTFS
  14. Drive E: | 1,86 Gb Total Space | 1,67 Gb Free Space | 89,99% Space Free | Partition Type: FAT32
  15.  
  16. Computer Name: RUGILE-HP | User Name: Rugilė | Logged in as Administrator.
  17. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
  18. Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
  19.  
  20. [color=#E56717]========== Processes (SafeList) ==========[/color]
  21.  
  22. PRC - [2014.01.23 19:22:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rugilė\Desktop\OTL.scr
  23. PRC - [2013.12.20 09:30:26 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
  24. PRC - [2013.12.18 10:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
  25. PRC - [2013.12.11 20:21:32 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
  26. PRC - [2013.11.20 01:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
  27. PRC - [2013.11.20 01:54:00 | 004,411,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
  28. PRC - [2013.10.26 12:15:44 | 000,607,232 | ---- | M] (MyCity) -- C:\Program Files (x86)\MCShield\MCShieldRTM.exe
  29. PRC - [2013.10.25 23:11:58 | 000,404,480 | ---- | M] (MyCity) -- C:\Program Files (x86)\MCShield\MCShieldDS.exe
  30. PRC - [2013.10.09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
  31. PRC - [2013.07.04 14:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
  32. PRC - [2013.06.26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
  33. PRC - [2013.06.26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
  34. PRC - [2013.02.19 03:01:14 | 000,328,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
  35. PRC - [2013.02.07 08:20:20 | 001,641,768 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
  36. PRC - [2013.02.07 08:20:08 | 003,695,912 | ---- | M] (AuthenTec Inc.) -- C:\Program Files (x86)\HP SimplePass\TouchControl.exe
  37. PRC - [2013.02.07 08:19:54 | 004,073,768 | ---- | M] () -- C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
  38. PRC - [2013.01.07 17:30:22 | 000,246,112 | ---- | M] () -- C:\ProgramData\Omnitel mobilusis internetas\OnlineUpdate\ouc.exe
  39. PRC - [2012.11.05 15:14:34 | 001,343,904 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
  40. PRC - [2012.09.02 08:55:05 | 000,218,624 | ---- | M] () -- C:\ProgramData\Tele2 Mobile Partner\OnlineUpdate\ouc.exe
  41. PRC - [2012.03.27 07:02:04 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
  42. PRC - [2012.03.27 07:02:02 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
  43. PRC - [2012.03.27 07:01:56 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
  44. PRC - [2012.03.27 07:01:56 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
  45. PRC - [2012.03.05 22:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
  46. PRC - [2012.03.05 22:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
  47. PRC - [2012.02.11 01:18:30 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
  48. PRC - [2012.02.08 20:03:36 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
  49. PRC - [2012.02.08 20:03:34 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
  50. PRC - [2012.02.08 20:03:16 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
  51. PRC - [2012.02.07 03:49:04 | 000,193,536 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\irstrtsv.exe
  52. PRC - [2012.02.02 02:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
  53. PRC - [2012.01.28 03:40:46 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
  54. PRC - [2011.08.19 23:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
  55. PRC - [2010.11.16 15:37:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
  56. PRC - [2010.04.23 21:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
  57.  
  58.  
  59. [color=#E56717]========== Modules (No Company Name) ==========[/color]
  60.  
  61. MOD - [2013.12.20 09:30:25 | 003,559,024 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
  62. MOD - [2013.12.11 20:21:31 | 016,242,056 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
  63. MOD - [2013.10.10 15:18:23 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8f5b881951592b2fd05f710650bf7e04\System.Core.ni.dll
  64. MOD - [2013.10.10 15:15:44 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
  65. MOD - [2013.10.10 15:15:24 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
  66. MOD - [2013.09.05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
  67. MOD - [2013.09.02 09:54:51 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\de6ee26de5e4f343509de7e92ab48ba6\CustomMarshalers.ni.dll
  68. MOD - [2013.09.02 09:09:19 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
  69. MOD - [2013.09.02 09:08:48 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
  70. MOD - [2013.09.02 09:08:43 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
  71. MOD - [2013.09.02 09:08:27 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
  72. MOD - [2013.02.07 08:19:54 | 004,073,768 | ---- | M] () -- C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
  73. MOD - [2013.02.07 08:19:50 | 000,019,240 | ---- | M] () -- C:\Program Files (x86)\HP SimplePass\DownloadManager.dll
  74. MOD - [2010.11.21 05:24:01 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
  75.  
  76.  
  77. [color=#E56717]========== Services (SafeList) ==========[/color]
  78.  
  79. SRV:[b]64bit:[/b] - [2013.11.26 11:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
  80. SRV:[b]64bit:[/b] - [2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
  81. SRV:[b]64bit:[/b] - [2013.01.07 22:31:42 | 000,401,856 | ---- | M] (AuthenTec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\AuthenTec\TrueService.exe -- (TrueService)
  82. SRV:[b]64bit:[/b] - [2012.09.24 12:40:56 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
  83. SRV:[b]64bit:[/b] - [2012.03.04 02:16:40 | 000,313,856 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
  84. SRV:[b]64bit:[/b] - [2012.02.26 04:07:52 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
  85. SRV:[b]64bit:[/b] - [2012.02.26 04:07:42 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
  86. SRV:[b]64bit:[/b] - [2012.02.26 04:07:32 | 000,626,960 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
  87. SRV:[b]64bit:[/b] - [2012.02.26 04:07:26 | 000,148,752 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
  88. SRV:[b]64bit:[/b] - [2012.02.10 01:26:48 | 000,133,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)
  89. SRV:[b]64bit:[/b] - [2012.02.03 07:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
  90. SRV:[b]64bit:[/b] - [2012.01.17 15:12:28 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
  91. SRV:[b]64bit:[/b] - [2012.01.09 11:39:44 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
  92. SRV:[b]64bit:[/b] - [2011.02.17 07:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
  93. SRV:[b]64bit:[/b] - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
  94. SRV - [2014.01.14 02:47:42 | 000,227,904 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
  95. SRV - [2013.12.20 09:30:25 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
  96. SRV - [2013.12.18 10:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
  97. SRV - [2013.12.11 20:21:32 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
  98. SRV - [2013.11.20 01:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
  99. SRV - [2013.10.09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
  100. SRV - [2013.07.04 14:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
  101. SRV - [2013.06.26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
  102. SRV - [2013.06.26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
  103. SRV - [2013.03.09 00:10:32 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
  104. SRV - [2013.02.07 08:20:20 | 001,641,768 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe -- (FPLService)
  105. SRV - [2013.01.07 17:30:22 | 000,246,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Omnitel mobilusis internetas\UpdateDog\ouc.exe -- (Omnitel mobilusis internetas. RunOuc)
  106. SRV - [2012.09.27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
  107. SRV - [2012.09.02 08:55:05 | 000,218,624 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Tele2 Mobile Partner\UpdateDog\ouc.exe -- (Tele2 Mobile Partner. RunOuc)
  108. SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
  109. SRV - [2012.03.27 07:02:04 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
  110. SRV - [2012.03.27 07:02:02 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
  111. SRV - [2012.03.27 07:01:56 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
  112. SRV - [2012.03.05 22:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
  113. SRV - [2012.02.22 04:34:22 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
  114. SRV - [2012.02.08 20:03:36 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
  115. SRV - [2012.02.08 20:03:34 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
  116. SRV - [2012.02.08 20:03:16 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
  117. SRV - [2012.02.07 03:49:04 | 000,193,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv)
  118. SRV - [2012.02.02 02:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
  119. SRV - [2011.03.14 17:27:34 | 000,346,976 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
  120. SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
  121. SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
  122. SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
  123.  
  124.  
  125. [color=#E56717]========== Driver Services (SafeList) ==========[/color]
  126.  
  127. DRV:[b]64bit:[/b] - [2014.01.23 19:16:52 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001)
  128. DRV:[b]64bit:[/b] - [2013.11.25 01:48:36 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
  129. DRV:[b]64bit:[/b] - [2013.10.23 01:05:08 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
  130. DRV:[b]64bit:[/b] - [2013.07.20 00:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
  131. DRV:[b]64bit:[/b] - [2013.07.20 00:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
  132. DRV:[b]64bit:[/b] - [2013.07.20 00:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
  133. DRV:[b]64bit:[/b] - [2013.07.01 00:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
  134. DRV:[b]64bit:[/b] - [2013.06.26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
  135. DRV:[b]64bit:[/b] - [2013.06.26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
  136. DRV:[b]64bit:[/b] - [2013.06.26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
  137. DRV:[b]64bit:[/b] - [2013.06.26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
  138. DRV:[b]64bit:[/b] - [2013.03.21 02:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
  139. DRV:[b]64bit:[/b] - [2013.01.07 17:30:22 | 000,421,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbwwan.sys -- (ewusbmbb)
  140. DRV:[b]64bit:[/b] - [2013.01.07 17:30:22 | 000,221,312 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
  141. DRV:[b]64bit:[/b] - [2013.01.07 17:30:22 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
  142. DRV:[b]64bit:[/b] - [2013.01.07 17:30:22 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
  143. DRV:[b]64bit:[/b] - [2012.09.24 12:40:56 | 000,043,840 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
  144. DRV:[b]64bit:[/b] - [2012.09.24 12:40:56 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
  145. DRV:[b]64bit:[/b] - [2012.03.25 06:10:25 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
  146. DRV:[b]64bit:[/b] - [2012.03.25 06:10:25 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
  147. DRV:[b]64bit:[/b] - [2012.03.21 10:13:14 | 000,060,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex)
  148. DRV:[b]64bit:[/b] - [2012.03.04 02:16:48 | 000,535,552 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
  149. DRV:[b]64bit:[/b] - [2012.03.02 03:39:42 | 000,425,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
  150. DRV:[b]64bit:[/b] - [2012.03.02 03:39:36 | 000,021,264 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver.sys -- (SmbDrv)
  151. DRV:[b]64bit:[/b] - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
  152. DRV:[b]64bit:[/b] - [2012.02.20 11:36:58 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
  153. DRV:[b]64bit:[/b] - [2012.02.15 12:47:38 | 014,692,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
  154. DRV:[b]64bit:[/b] - [2012.02.13 08:10:40 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
  155. DRV:[b]64bit:[/b] - [2012.02.13 07:53:54 | 000,095,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
  156. DRV:[b]64bit:[/b] - [2012.02.10 01:24:16 | 000,044,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
  157. DRV:[b]64bit:[/b] - [2012.02.10 01:24:16 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent)
  158. DRV:[b]64bit:[/b] - [2012.02.10 01:24:14 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent)
  159. DRV:[b]64bit:[/b] - [2012.02.07 19:49:04 | 000,026,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irstrtdv.sys -- (irstrtdv)
  160. DRV:[b]64bit:[/b] - [2012.02.02 02:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
  161. DRV:[b]64bit:[/b] - [2012.01.28 03:39:34 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
  162. DRV:[b]64bit:[/b] - [2012.01.28 03:39:34 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
  163. DRV:[b]64bit:[/b] - [2012.01.28 03:39:34 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
  164. DRV:[b]64bit:[/b] - [2012.01.27 19:00:28 | 000,109,056 | ---- | M] (Ozmo Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hswpan.sys -- (hswpan)
  165. DRV:[b]64bit:[/b] - [2012.01.27 03:37:24 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
  166. DRV:[b]64bit:[/b] - [2012.01.27 03:37:24 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
  167. DRV:[b]64bit:[/b] - [2012.01.09 11:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amppal.sys -- (AMPPALP)
  168. DRV:[b]64bit:[/b] - [2012.01.09 11:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amppal.sys -- (AMPPAL)
  169. DRV:[b]64bit:[/b] - [2011.12.28 09:15:50 | 000,292,456 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsBaStor.sys -- (RSBASTOR)
  170. DRV:[b]64bit:[/b] - [2011.12.07 05:23:10 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
  171. DRV:[b]64bit:[/b] - [2011.11.11 03:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
  172. DRV:[b]64bit:[/b] - [2011.09.30 03:30:34 | 000,646,248 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
  173. DRV:[b]64bit:[/b] - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
  174. DRV:[b]64bit:[/b] - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
  175. DRV:[b]64bit:[/b] - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
  176. DRV:[b]64bit:[/b] - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
  177. DRV:[b]64bit:[/b] - [2010.07.28 18:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
  178. DRV:[b]64bit:[/b] - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
  179. DRV:[b]64bit:[/b] - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
  180. DRV:[b]64bit:[/b] - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
  181. DRV:[b]64bit:[/b] - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
  182. DRV:[b]64bit:[/b] - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
  183. DRV:[b]64bit:[/b] - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
  184. DRV:[b]64bit:[/b] - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
  185. DRV:[b]64bit:[/b] - [2009.06.10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
  186. DRV:[b]64bit:[/b] - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
  187. DRV:[b]64bit:[/b] - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
  188. DRV:[b]64bit:[/b] - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
  189. DRV:[b]64bit:[/b] - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
  190. DRV - [2013.01.31 11:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
  191. DRV - [2013.01.31 11:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys -- (EraserUtilDrv11220)
  192. DRV - [2012.09.03 08:08:22 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
  193. DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
  194.  
  195.  
  196. [color=#E56717]========== Standard Registry (All) ==========[/color]
  197.  
  198.  
  199. [color=#E56717]========== Internet Explorer ==========[/color]
  200.  
  201. IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hp&ts=1384193705&from=ild&uid=_
  202. IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=ds&ts=1384193705&from=ild&uid=_&q={searchTerms}
  203. IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
  204. IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
  205. IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
  206. IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=ds&ts=1384193705&from=ild&uid=_&q={searchTerms}
  207. IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
  208. IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hp&ts=1384193705&from=ild&uid=_
  209. IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
  210. IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
  211. IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{18503355-251D-497E-8E40-E1C27F6B47F3}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
  212. IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
  213. IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://do-search.com/web/?type=ds&ts=1384193705&from=ild&uid=_&q={searchTerms}
  214. IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
  215. IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
  216. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
  217. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
  218. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
  219. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
  220. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
  221. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=ds&ts=1384193705&from=ild&uid=_&q={searchTerms}
  222. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
  223. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
  224. IE - HKLM\..\URLSearchHook:  - No CLSID value found
  225. IE - HKLM\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
  226. IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
  227. IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
  228. IE - HKLM\..\SearchScopes\{18503355-251D-497E-8E40-E1C27F6B47F3}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
  229. IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
  230. IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
  231. IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
  232. IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={ECEB1E60-F740-11E1-AF7D-001E101FB45E}
  233.  
  234.  
  235. IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
  236.  
  237. IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
  238.  
  239. IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
  240.  
  241. IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
  242.  
  243. IE - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
  244. IE - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
  245. IE - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
  246. IE - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
  247. IE - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\..\URLSearchHook:  - No CLSID value found
  248. IE - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
  249. IE - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
  250. IE - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\..\SearchScopes,BrowserMngrDefaultScope = {N2342-ASDAD-T2DSS-TSDDAA-LDASDT-YASDDS3}
  251. IE - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\..\SearchScopes,DefaultScope = {1948E92A-E308-4681-BDE1-4D41C9025968}
  252. IE - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
  253. IE - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109220&tt=4612_4&babsrc=SP_ss&mntrId=76ffbfeb000000000000001e101f36d9
  254. IE - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\..\SearchScopes\{18503355-251D-497E-8E40-E1C27F6B47F3}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
  255. IE - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\..\SearchScopes\{1948E92A-E308-4681-BDE1-4D41C9025968}: "URL" = http://search.ividi.org/?q={searchTerms}&src=tbsp&id=76ffbfeb000000000000001e101f9843&affilt=1&r=914
  256. IE - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
  257. IE - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\..\SearchScopes\{AD740C9B-4B01-11E3-A0F6-001E101F9843}: "URL" = http://www.nattly.com/?q={searchTerms}
  258. IE - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
  259. IE - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
  260. IE - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\..\SearchScopes\{E8C9B397-717F-4534-A9AB-1C78F6A3872A}: "URL" = http://tuvaro.com/ws/?source=ab9c6293&tbp=rbox&toolbarid=base&u=76ffbfeb000000000000001e101fb45e&q={searchTerms}
  261. IE - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={ECEB1E60-F740-11E1-AF7D-001E101FB45E}
  262. IE - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\..\SearchScopes\{N2342-ASDAD-T2DSS-TSDDAA-LDASDT-YASDDS3}: "URL" = http://www.nattly.com/?q={searchTerms}
  263. IE - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
  264.  
  265. [color=#E56717]========== FireFox ==========[/color]
  266.  
  267. FF - prefs.js..browser.search.defaultenginename: "Search the Web"
  268. FF - prefs.js..browser.search.selectedEngine: "Search the Web"
  269. FF - prefs.js..browser.startup.homepage: "www.nattly.com"
  270. FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02
  271. FF - prefs.js..extensions.enabledAddons: %7BE71B541F-5E72-5555-A47C-E47863195841%7D:1.0.37
  272. FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
  273. FF - prefs.js..keyword.URL: "http://www.nattly.com/?q="
  274.  
  275.  
  276. FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
  277. FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
  278. FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
  279. FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
  280. FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
  281. FF - HKLM\Software\MozillaPlugins\@authentec.com/ffwloplugin: C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
  282. FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
  283. FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
  284. FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
  285. FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
  286. FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
  287. FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
  288. FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
  289. FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
  290. FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
  291. FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
  292.  
  293. FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
  294. FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014.01.18 10:00:19 | 000,000,000 | ---D | M]
  295. FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
  296. FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014.01.18 10:00:19 | 000,000,000 | ---D | M]
  297.  
  298. [2012.09.08 12:06:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Extensions
  299. [2012.09.05 12:06:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\extensions
  300. [2012.09.05 12:06:05 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
  301. [2012.11.14 22:46:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
  302. [2012.11.14 22:46:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions
  303. [2012.09.05 12:03:05 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com
  304. [2012.11.14 22:46:31 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\plugin@yontoo.com
  305. [2014.01.06 21:04:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\Profiles\r5eatd9g.default\extensions
  306. [2013.04.29 21:37:18 | 000,000,000 | ---D | M] ("SimilarSites") -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\Profiles\r5eatd9g.default\extensions\{E71B541F-5E72-5555-A47C-E47863195841}
  307. [2013.02.21 21:29:07 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\Profiles\r5eatd9g.default\extensions\plugin@yontoo.com
  308. [2013.04.29 21:37:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\Profilesr5eatd9g.default\extensions
  309. [2013.04.29 21:37:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\Profilesr5eatd9g.default\extensions\staged
  310. [2012.07.31 13:59:18 | 000,221,380 | ---- | M] () (No name found) -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\gophoto@gophoto.it.xpi
  311. [2013.02.21 19:56:49 | 000,021,487 | ---- | M] () (No name found) -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\Profiles\r5eatd9g.default\extensions\plugin@yontoo.com.xpi
  312. [2012.11.14 22:45:55 | 000,213,316 | ---- | M] () (No name found) -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\Profiles\r5eatd9g.default\extensions\torntv@torntv.com.xpi
  313. [2013.06.30 10:44:04 | 000,239,491 | ---- | M] () (No name found) -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\Profiles\r5eatd9g.default\extensions\trtv3@trtv.com.xpi
  314. [2013.05.01 17:03:33 | 000,002,352 | ---- | M] () -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\Profiles\r5eatd9g.default\searchplugins\babylon.xml
  315. [2012.11.14 22:46:20 | 000,002,536 | ---- | M] () -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\Profiles\r5eatd9g.default\searchplugins\browsemngr.xml
  316. [2013.11.11 20:47:05 | 000,001,401 | ---- | M] () -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\Profiles\r5eatd9g.default\searchplugins\ividi.xml
  317. [2013.11.15 10:07:43 | 000,000,339 | ---- | M] () -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\Profiles\r5eatd9g.default\searchplugins\Search the Web.xml
  318. [2013.11.11 20:47:13 | 000,000,487 | ---- | M] () -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\Profiles\r5eatd9g.default\searchplugins\search.xml
  319. [2013.11.09 12:51:08 | 000,000,415 | ---- | M] () -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\Profiles\r5eatd9g.default\searchplugins\search.xml.old
  320. [2013.04.29 21:37:34 | 000,001,407 | ---- | M] () -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\Profiles\r5eatd9g.default\searchplugins\tuvaro.xml
  321. [2013.12.20 09:30:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
  322. [2013.12.20 09:30:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
  323. [2013.12.20 09:30:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com
  324. [2013.12.20 09:30:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
  325. [2013.12.20 09:30:26 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
  326. File not found (No name found) -- C:\USERS\RUGILĖ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R5EATD9G.DEFAULT\EXTENSIONS\{E71B541F-5E72-5555-A47C-E47863195841}
  327. File not found (No name found) -- C:\USERS\RUGILĖ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R5EATD9G.DEFAULT\EXTENSIONS\PLUGIN@YONTOO.COM.XPI
  328. [2013.12.18 20:42:36 | 000,187,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
  329. [2012.11.14 22:46:05 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
  330. [2013.11.11 20:15:05 | 000,000,517 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\do-search.xml
  331.  
  332. O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
  333. O2:[b]64bit:[/b] - BHO: (no name) - {11111111-1111-1111-1111-110311551178} - No CLSID value found.
  334. O2:[b]64bit:[/b] - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
  335. O2:[b]64bit:[/b] - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
  336. O2:[b]64bit:[/b] - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
  337. O2:[b]64bit:[/b] - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
  338. O2:[b]64bit:[/b] - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
  339. O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll (Babylon BHO)
  340. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
  341. O2 - BHO: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
  342. O2 - BHO: (no name) - {8B8B2E80-1444-451D-AC8E-EB9A847F3887} - No CLSID value found.
  343. O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
  344. O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
  345. O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
  346. O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
  347. O3 - HKLM\..\Toolbar: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
  348. O4:[b]64bit:[/b] - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation)
  349. O4:[b]64bit:[/b] - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
  350. O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
  351. O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
  352. O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
  353. O4:[b]64bit:[/b] - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
  354. O4:[b]64bit:[/b] - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
  355. O4 - HKLM..\Run: []  File not found
  356. O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
  357. O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
  358. O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
  359. O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
  360. O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
  361. O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
  362. O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
  363. O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
  364. O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
  365. O4 - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000..\Run: [dxhxttympx] wscript.exe //B "C:\Users\RUGIL~1\AppData\Local\Temp\dxhxttympx.vbs" File not found
  366. O4 - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000..\Run: [HW_OPENEYE_OUC_Tele2 Mobile Partner] C:\Program Files (x86)\Tele2 Mobile Partner\UpdateDog\ouc.exe ()
  367. O4 - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000..\Run: [MCShield Monitor] C:\Program Files (x86)\MCShield\MCShieldRTM.exe (MyCity)
  368. O4:[b]64bit:[/b] - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
  369. O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
  370. O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
  371. O4 - Startup: C:\Users\Rugilė\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxhxttympx.vbs ()
  372. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
  373. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
  374. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
  375. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
  376. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
  377. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
  378. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
  379. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
  380. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
  381. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
  382. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
  383. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
  384. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
  385. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
  386. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
  387. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
  388. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
  389. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
  390. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
  391. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
  392. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
  393. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
  394. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
  395. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
  396. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
  397. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
  398. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
  399. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
  400. O7 - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
  401. O7 - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
  402. O7 - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
  403. O7 - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
  404. O8:[b]64bit:[/b] - Extra context menu item: E&ksportuoti į Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
  405. O8:[b]64bit:[/b] - Extra context menu item: Sių&sti į OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
  406. O8 - Extra context menu item: E&ksportuoti į Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
  407. O8 - Extra context menu item: Sių&sti į OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
  408. O9:[b]64bit:[/b] - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
  409. O9:[b]64bit:[/b] - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
  410. O9:[b]64bit:[/b] - Extra Button: Siųsti į OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
  411. O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Sių&sti į OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
  412. O9:[b]64bit:[/b] - Extra Button: OneNote &susietosios pastabos - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
  413. O9:[b]64bit:[/b] - Extra 'Tools' menuitem : OneNote &susietosios pastabos - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
  414. O9:[b]64bit:[/b] - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
  415. O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
  416. O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
  417. O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
  418. O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
  419. O9 - Extra Button: Siųsti į OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
  420. O9 - Extra 'Tools' menuitem : Sių&sti į OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
  421. O9 - Extra Button: OneNote &susietosios pastabos - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
  422. O9 - Extra 'Tools' menuitem : OneNote &susietosios pastabos - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
  423. O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
  424. O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
  425. O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
  426. O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
  427. O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
  428. O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
  429. O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
  430. O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
  431. O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
  432. O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
  433. O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
  434. O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
  435. O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
  436. O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
  437. O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
  438. O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
  439. O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
  440. O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
  441. O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
  442. O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
  443. O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
  444. O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
  445. O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
  446. O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
  447. O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
  448. O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
  449. O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
  450. O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
  451. O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
  452. O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
  453. O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
  454. O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
  455. O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
  456. O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
  457. O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
  458. O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
  459. O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
  460. O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
  461. O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
  462. O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
  463. O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
  464. O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
  465. O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
  466. O13[b]64bit:[/b] - gopher Prefix: missing
  467. O13 - gopher Prefix: missing
  468. O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
  469. O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{012C11C0-D3A1-4807-91EF-87E04BF282F2}: DhcpNameServer = 10.0.0.1
  470. O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{204B8BD5-A821-4758-9B13-3099902F2084}: NameServer = 212.247.156.66 212.247.156.70
  471. O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50002B8F-8B5D-434A-BCA4-7D3EA1D4C9FE}: NameServer = 212.247.156.66 212.247.156.70
  472. O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A96F3F6-8BBD-4FBB-B5FB-0BBE8CBE590D}: NameServer = 212.247.156.66 212.247.156.70
  473. O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FAE0E522-9F42-43B7-A174-863CDA74DF6B}: NameServer = 194.176.32.142 194.176.32.163
  474. O18:[b]64bit:[/b] - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
  475. O18:[b]64bit:[/b] - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
  476. O18:[b]64bit:[/b] - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
  477. O18:[b]64bit:[/b] - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
  478. O18:[b]64bit:[/b] - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
  479. O18:[b]64bit:[/b] - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
  480. O18:[b]64bit:[/b] - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
  481. O18:[b]64bit:[/b] - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
  482. O18:[b]64bit:[/b] - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
  483. O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
  484. O18:[b]64bit:[/b] - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
  485. O18:[b]64bit:[/b] - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
  486. O18:[b]64bit:[/b] - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
  487. O18:[b]64bit:[/b] - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
  488. O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
  489. O18:[b]64bit:[/b] - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
  490. O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
  491. O18:[b]64bit:[/b] - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
  492. O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
  493. O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
  494. O18:[b]64bit:[/b] - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
  495. O18:[b]64bit:[/b] - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
  496. O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
  497. O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
  498. O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
  499. O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
  500. O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
  501. O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
  502. O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
  503. O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
  504. O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
  505. O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
  506. O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
  507. O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
  508. O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
  509. O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
  510. O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
  511. O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
  512. O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
  513. O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
  514. O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
  515. O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
  516. O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
  517. O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
  518. O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
  519. O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
  520. O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
  521. O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
  522. O18:[b]64bit:[/b] - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
  523. O18:[b]64bit:[/b] - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
  524. O18:[b]64bit:[/b] - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
  525. O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
  526. O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
  527. O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
  528. O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
  529. O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
  530. O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
  531. O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
  532. O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
  533. O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
  534. O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
  535. O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
  536. O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
  537. O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
  538. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
  539. O28:[b]64bit:[/b] - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
  540. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
  541. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
  542. O28 - HKLM ShellExecuteHooks: UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No CLSID value found.
  543. O29:[b]64bit:[/b] - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
  544. O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
  545. O30:[b]64bit:[/b] - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
  546. O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
  547. O30:[b]64bit:[/b] - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
  548. O30:[b]64bit:[/b] - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
  549. O30:[b]64bit:[/b] - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
  550. O30:[b]64bit:[/b] - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
  551. O30:[b]64bit:[/b] - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
  552. O30:[b]64bit:[/b] - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
  553. O30:[b]64bit:[/b] - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
  554. O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
  555. O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
  556. O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
  557. O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
  558. O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
  559. O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
  560. O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
  561. O31 - SafeBoot: AlternateShell - cmd.exe
  562. O32 - HKLM CDRom: AutoRun - 1
  563. O32 - AutoRun File - [2014.01.23 17:46:40 | 000,000,491 | ---- | M] () - E:\autorun.lnk -- [ FAT32 ]
  564. O33 - MountPoints2\{0c5c3737-595e-11e2-8f2f-685d4346a103}\Shell - "" = AutoRun
  565. O33 - MountPoints2\{0c5c3737-595e-11e2-8f2f-685d4346a103}\Shell\AutoRun\command - "" = E:\AutoRun.exe
  566. O33 - MountPoints2\{280575cf-f1c4-11e1-b2c2-685d4346a103}\Shell - "" = AutoRun
  567. O33 - MountPoints2\{280575cf-f1c4-11e1-b2c2-685d4346a103}\Shell\AutoRun\command - "" = E:\SETUP.EXE
  568. O33 - MountPoints2\{280575cf-f1c4-11e1-b2c2-685d4346a103}\Shell\configure\command - "" = E:\SETUP.EXE
  569. O33 - MountPoints2\{280575cf-f1c4-11e1-b2c2-685d4346a103}\Shell\install\command - "" = E:\SETUP.EXE
  570. O33 - MountPoints2\{641b3e43-58d1-11e2-afd2-001e101fabdd}\Shell - "" = AutoRun
  571. O33 - MountPoints2\{641b3e43-58d1-11e2-afd2-001e101fabdd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
  572. O33 - MountPoints2\{8aad251b-f6b2-11e1-9b23-685d4346a103}\Shell - "" = AutoRun
  573. O33 - MountPoints2\{8aad251b-f6b2-11e1-9b23-685d4346a103}\Shell\AutoRun\command - "" = E:\AutoRun.exe
  574. O33 - MountPoints2\{9eb65981-f51e-11e1-aea1-685d4346a0ff}\Shell - "" = AutoRun
  575. O33 - MountPoints2\{9eb65981-f51e-11e1-aea1-685d4346a0ff}\Shell\AutoRun\command - "" = E:\AutoRun.exe
  576. O33 - MountPoints2\{b4fee3f5-f4ca-11e1-a1f0-685d4346a0ff}\Shell - "" = AutoRun
  577. O33 - MountPoints2\{b4fee3f5-f4ca-11e1-a1f0-685d4346a0ff}\Shell\AutoRun\command - "" = E:\AutoRun.exe
  578. O33 - MountPoints2\{b4fee41b-f4ca-11e1-a1f0-685d4346a0ff}\Shell - "" = AutoRun
  579. O33 - MountPoints2\{b4fee41b-f4ca-11e1-a1f0-685d4346a0ff}\Shell\AutoRun\command - "" = E:\AutoRun.exe
  580. O33 - MountPoints2\{b5815f95-63a0-11e2-965c-685d4346a0ff}\Shell - "" = AutoRun
  581. O33 - MountPoints2\{b5815f95-63a0-11e2-965c-685d4346a0ff}\Shell\AutoRun\command - "" = E:\AutoRun.exe
  582. O33 - MountPoints2\{f8daec0f-5951-11e2-bf66-685d4346a103}\Shell - "" = AutoRun
  583. O33 - MountPoints2\{f8daec0f-5951-11e2-bf66-685d4346a103}\Shell\AutoRun\command - "" = E:\AutoRun.exe
  584. O33 - MountPoints2\E\Shell - "" = AutoRun
  585. O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
  586. O34 - HKLM BootExecute: (autocheck autochk *)
  587. O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
  588. O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
  589. O35 - HKLM\..comfile [open] -- "%1" %*
  590. O35 - HKLM\..exefile [open] -- "%1" %*
  591. O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
  592. O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
  593. O37 - HKLM\...com [@ = comfile] -- "%1" %*
  594. O37 - HKLM\...exe [@ = exefile] -- "%1" %*
  595. O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
  596. O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
  597. O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
  598.  
  599.  
  600. MsConfig:64bit - StartUpReg: [b]BitTorrent Sync[/b] - hkey= - key= -  File not found
  601. MsConfig:64bit - StartUpReg: [b]Easybits Recovery[/b] - hkey= - key= - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
  602. MsConfig:64bit - StartUpReg: [b]Guard[/b] - hkey= - key= -  File not found
  603. MsConfig:64bit - StartUpReg: [b]mobilegeni daemon[/b] - hkey= - key= -  File not found
  604. MsConfig:64bit - StartUpReg: [b]SetDefault[/b] - hkey= - key= - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
  605. MsConfig:64bit - StartUpReg: [b]Torntv Downloader[/b] - hkey= - key= -  File not found
  606. MsConfig:64bit - StartUpReg: [b]uTorrent[/b] - hkey= - key= - C:\Users\Rugilė\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
  607. MsConfig:64bit - State: "startup" - Reg Error: Key error.
  608.  
  609. SafeBootMin:[b]64bit:[/b] AppMgmt - Service
  610. SafeBootMin:[b]64bit:[/b] Base - Driver Group
  611. SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group
  612. SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group
  613. SafeBootMin:[b]64bit:[/b] File system - Driver Group
  614. SafeBootMin:[b]64bit:[/b] Filter - Driver Group
  615. SafeBootMin:[b]64bit:[/b] HelpSvc - Service
  616. SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group
  617. SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group
  618. SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group
  619. SafeBootMin:[b]64bit:[/b] sacsvr - Service
  620. SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group
  621. SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group
  622. SafeBootMin:[b]64bit:[/b] vmms - Service
  623. SafeBootMin:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
  624. SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
  625. SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
  626. SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
  627. SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
  628. SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
  629. SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
  630. SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
  631. SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
  632. SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
  633. SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
  634. SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
  635. SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
  636. SafeBootMin:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
  637. SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
  638. SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
  639. SafeBootMin:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
  640. SafeBootMin:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
  641. SafeBootMin: AppMgmt - Service
  642. SafeBootMin: Base - Driver Group
  643. SafeBootMin: Boot Bus Extender - Driver Group
  644. SafeBootMin: Boot file system - Driver Group
  645. SafeBootMin: File system - Driver Group
  646. SafeBootMin: Filter - Driver Group
  647. SafeBootMin: HelpSvc - Service
  648. SafeBootMin: PCI Configuration - Driver Group
  649. SafeBootMin: PNP Filter - Driver Group
  650. SafeBootMin: Primary disk - Driver Group
  651. SafeBootMin: sacsvr - Service
  652. SafeBootMin: SCSI Class - Driver Group
  653. SafeBootMin: System Bus Extender - Driver Group
  654. SafeBootMin: vmms - Service
  655. SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
  656. SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
  657. SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
  658. SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
  659. SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
  660. SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
  661. SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
  662. SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
  663. SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
  664. SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
  665. SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
  666. SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
  667. SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
  668. SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
  669. SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
  670. SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
  671. SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
  672.  
  673. SafeBootNet:[b]64bit:[/b] AppMgmt - Service
  674. SafeBootNet:[b]64bit:[/b] Base - Driver Group
  675. SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group
  676. SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group
  677. SafeBootNet:[b]64bit:[/b] File system - Driver Group
  678. SafeBootNet:[b]64bit:[/b] Filter - Driver Group
  679. SafeBootNet:[b]64bit:[/b] HelpSvc - Service
  680. SafeBootNet:[b]64bit:[/b] Messenger - Service
  681. SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group
  682. SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group
  683. SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group
  684. SafeBootNet:[b]64bit:[/b] Network - Driver Group
  685. SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group
  686. SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group
  687. SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group
  688. SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group
  689. SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group
  690. SafeBootNet:[b]64bit:[/b] rdsessmgr - Service
  691. SafeBootNet:[b]64bit:[/b] sacsvr - Service
  692. SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group
  693. SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group
  694. SafeBootNet:[b]64bit:[/b] System Bus Extender - Driver Group
  695. SafeBootNet:[b]64bit:[/b] TDI - Driver Group
  696. SafeBootNet:[b]64bit:[/b] vmms - Service
  697. SafeBootNet:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
  698. SafeBootNet:[b]64bit:[/b] WudfUsbccidDriver - Driver
  699. SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
  700. SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
  701. SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
  702. SafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
  703. SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
  704. SafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
  705. SafeBootNet:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
  706. SafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
  707. SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
  708. SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
  709. SafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
  710. SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
  711. SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
  712. SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
  713. SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
  714. SafeBootNet:[b]64bit:[/b] {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
  715. SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
  716. SafeBootNet:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
  717. SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
  718. SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
  719. SafeBootNet:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
  720. SafeBootNet:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
  721. SafeBootNet: AppMgmt - Service
  722. SafeBootNet: Base - Driver Group
  723. SafeBootNet: Boot Bus Extender - Driver Group
  724. SafeBootNet: Boot file system - Driver Group
  725. SafeBootNet: File system - Driver Group
  726. SafeBootNet: Filter - Driver Group
  727. SafeBootNet: HelpSvc - Service
  728. SafeBootNet: Messenger - Service
  729. SafeBootNet: NDIS Wrapper - Driver Group
  730. SafeBootNet: NetBIOSGroup - Driver Group
  731. SafeBootNet: NetDDEGroup - Driver Group
  732. SafeBootNet: Network - Driver Group
  733. SafeBootNet: NetworkProvider - Driver Group
  734. SafeBootNet: PCI Configuration - Driver Group
  735. SafeBootNet: PNP Filter - Driver Group
  736. SafeBootNet: PNP_TDI - Driver Group
  737. SafeBootNet: Primary disk - Driver Group
  738. SafeBootNet: rdsessmgr - Service
  739. SafeBootNet: sacsvr - Service
  740. SafeBootNet: SCSI Class - Driver Group
  741. SafeBootNet: Streams Drivers - Driver Group
  742. SafeBootNet: System Bus Extender - Driver Group
  743. SafeBootNet: TDI - Driver Group
  744. SafeBootNet: vmms - Service
  745. SafeBootNet: WudfUsbccidDriver - Driver
  746. SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
  747. SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
  748. SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
  749. SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
  750. SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
  751. SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
  752. SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
  753. SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
  754. SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
  755. SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
  756. SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
  757. SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
  758. SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
  759. SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
  760. SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
  761. SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
  762. SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
  763. SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
  764. SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
  765. SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
  766. SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
  767. SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
  768.  
  769. ActiveX:[b]64bit:[/b] {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
  770. ActiveX:[b]64bit:[/b] {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
  771. ActiveX:[b]64bit:[/b] {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
  772. ActiveX:[b]64bit:[/b] {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
  773. ActiveX:[b]64bit:[/b] {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
  774. ActiveX:[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
  775. ActiveX:[b]64bit:[/b] {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
  776. ActiveX:[b]64bit:[/b] {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
  777. ActiveX:[b]64bit:[/b] {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
  778. ActiveX:[b]64bit:[/b] {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
  779. ActiveX:[b]64bit:[/b] {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
  780. ActiveX:[b]64bit:[/b] {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
  781. ActiveX:[b]64bit:[/b] {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
  782. ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
  783. ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
  784. ActiveX:[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
  785. ActiveX:[b]64bit:[/b] {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
  786. ActiveX:[b]64bit:[/b] {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
  787. ActiveX:[b]64bit:[/b] {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
  788. ActiveX:[b]64bit:[/b] {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
  789. ActiveX:[b]64bit:[/b] {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
  790. ActiveX:[b]64bit:[/b] {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
  791. ActiveX:[b]64bit:[/b] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
  792. ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
  793. ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
  794. ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
  795. ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
  796. ActiveX: {438363A8-F486-4C37-834C-4955773CB3D3} - msiexec /fu {438363A8-F486-4C37-834C-4955773CB3D3} /qn
  797. ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
  798. ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
  799. ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
  800. ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
  801. ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
  802. ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
  803. ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
  804. ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
  805. ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
  806. ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
  807. ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
  808. ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
  809. ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
  810. ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
  811. ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
  812. ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
  813. ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
  814. ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
  815. ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
  816.  
  817. Drivers32:[b]64bit:[/b] msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
  818. Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
  819. Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
  820.  
  821. [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
  822.  
  823. [2014.01.23 19:22:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rugilė\Desktop\OTL.scr
  824. [2014.01.23 19:18:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
  825. [2014.01.23 19:18:23 | 000,000,000 | ---D | C] -- C:\ProgramData\MCShield
  826. [2014.01.23 19:18:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MCShield
  827. [2014.01.23 12:04:28 | 000,000,000 | ---D | C] -- C:\Users\Rugilė\AppData\Roaming\Malwarebytes
  828. [2014.01.23 12:04:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
  829. [2014.01.23 12:04:21 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
  830. [2014.01.23 12:04:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
  831. [2014.01.23 12:04:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
  832. [2014.01.23 12:04:13 | 000,000,000 | ---D | C] -- C:\Users\Rugilė\AppData\Local\Programs
  833. [2014.01.19 12:08:55 | 000,000,000 | ---D | C] -- C:\Users\Rugilė\Desktop\Išsikelti
  834. [2014.01.15 13:23:02 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
  835. [2014.01.15 13:23:01 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
  836. [2014.01.15 13:23:00 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
  837. [2014.01.12 09:51:21 | 000,000,000 | -HSD | C] -- C:\found.000
  838. [2014.01.08 21:18:19 | 000,000,000 | ---D | C] -- C:\Users\Rugilė\AppData\Local\Microsoft Games
  839. [2014.01.07 11:26:00 | 000,000,000 | ---D | C] -- C:\Users\Rugilė\Desktop\sti
  840. [2014.01.07 11:13:37 | 000,000,000 | ---D | C] -- C:\Users\Rugilė\Desktop\km
  841. [2014.01.06 21:01:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM SPSS Statistics
  842. [2014.01.06 21:01:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IBM
  843. [2014.01.06 20:55:42 | 000,000,000 | ---D | C] -- C:\Users\Rugilė\Documents\SPSSInc
  844. [2014.01.06 20:39:57 | 000,000,000 | ---D | C] -- C:\Users\Rugilė\.android
  845. [2014.01.06 20:39:55 | 000,000,000 | ---D | C] -- C:\Users\Rugilė\AppData\Local\genienext
  846. [2014.01.06 20:39:55 | 000,000,000 | ---D | C] -- C:\Users\Rugilė\AppData\Local\cache
  847. [2014.01.06 20:39:54 | 000,000,000 | ---D | C] -- C:\Users\Rugilė\Documents\Mobogenie
  848. [2014.01.06 20:39:54 | 000,000,000 | ---D | C] -- C:\Users\Rugilė\AppData\Local\Mobogenie
  849. [2014.01.06 20:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SPSS Inc
  850. [2014.01.06 20:34:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SPSS
  851. [2014.01.06 20:34:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SPSSInc
  852. [2014.01.06 20:23:35 | 000,000,000 | ---D | C] -- C:\Users\Rugilė\Documents\SPSS v20 - 32bit
  853. [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
  854. [1 C:\Users\Rugilė\Desktop\*.tmp files -> C:\Users\Rugilė\Desktop\*.tmp -> ]
  855.  
  856. [color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
  857.  
  858. [2014.01.23 19:24:02 | 000,031,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
  859. [2014.01.23 19:24:02 | 000,031,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
  860. [2014.01.23 19:22:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rugilė\Desktop\OTL.scr
  861. [2014.01.23 19:22:04 | 000,779,724 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
  862. [2014.01.23 19:22:04 | 000,652,600 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
  863. [2014.01.23 19:22:04 | 000,121,274 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
  864. [2014.01.23 19:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
  865. [2014.01.23 19:18:32 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\MCShield Real-Time Monitor.lnk
  866. [2014.01.23 19:16:52 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys
  867. [2014.01.23 19:16:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
  868. [2014.01.23 19:16:47 | 3144,396,800 | -HS- | M] () -- C:\hiberfil.sys
  869. [2014.01.23 12:04:22 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
  870. [2014.01.23 11:59:01 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRugilė.job
  871. [2014.01.19 12:20:04 | 000,002,590 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
  872. [2014.01.18 10:00:20 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
  873. [2014.01.16 15:52:37 | 000,418,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
  874. [2014.01.06 21:01:15 | 000,000,016 | -H-- | M] () -- C:\Windows\SysWow64\servdat.slm
  875. [2014.01.06 20:37:41 | 000,001,024 | ---- | M] () -- C:\Windows\SysWow64\grcauth2.dll
  876. [2014.01.06 20:37:41 | 000,001,024 | ---- | M] () -- C:\Windows\SysWow64\grcauth1.dll
  877. [2014.01.06 20:37:41 | 000,000,114 | ---- | M] () -- C:\Windows\SysWow64\prsgrc.tgz
  878. [2014.01.06 20:37:41 | 000,000,100 | ---- | M] () -- C:\Windows\SysWow64\prsgrc.dll
  879. [2014.01.06 20:34:29 | 000,000,219 | ---- | M] () -- C:\Windows\SysWow64\lsprst7.tgz
  880. [2014.01.06 20:34:29 | 000,000,205 | ---- | M] () -- C:\Windows\SysWow64\lsprst7.dll
  881. [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
  882. [1 C:\Users\Rugilė\Desktop\*.tmp files -> C:\Users\Rugilė\Desktop\*.tmp -> ]
  883.  
  884. [color=#E56717]========== Files Created - No Company Name ==========[/color]
  885.  
  886. [2014.01.23 19:18:32 | 000,001,054 | ---- | C] () -- C:\Users\Public\Desktop\MCShield Real-Time Monitor.lnk
  887. [2014.01.23 12:04:22 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
  888. [2014.01.23 12:03:52 | 000,096,879 | -HS- | C] () -- C:\Users\Rugilė\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxhxttympx.vbs
  889. [2014.01.06 20:37:41 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth2.dll
  890. [2014.01.06 20:37:41 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth1.dll
  891. [2014.01.06 20:37:41 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\prsgrc.tgz
  892. [2014.01.06 20:37:41 | 000,000,100 | ---- | C] () -- C:\Windows\SysWow64\prsgrc.dll
  893. [2013.12.12 00:14:44 | 000,083,107 | ---- | C] () -- C:\Users\Rugilė\doge.jpg
  894. [2013.11.28 16:49:37 | 012,089,065 | ---- | C] () -- C:\Users\Rugilė\althusser.zip
  895. [2013.11.05 22:36:36 | 000,932,195 | ---- | C] () -- C:\Users\Rugilė\STI KONSPEKTAS.pdf
  896. [2013.11.04 17:54:43 | 001,608,681 | ---- | C] () -- C:\Users\Rugilė\ZA4775_v1-0-0.sav
  897. [2013.11.04 17:49:31 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
  898. [2013.11.04 17:49:31 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
  899. [2013.10.16 20:25:14 | 000,003,214 | ---- | C] () -- C:\Users\Rugilė\download.php
  900. [2013.10.16 20:23:39 | 004,459,922 | ---- | C] () -- C:\Users\Rugilė\17896_070825031503.mp3
  901. [2013.10.16 20:21:38 | 004,199,415 | ---- | C] () -- C:\Users\Rugilė\shape of my heart.mp3
  902. [2013.10.16 20:21:12 | 000,000,570 | ---- | C] () -- C:\Users\Rugilė\633434535879218750.mp3
  903. [2013.10.16 20:20:59 | 000,036,766 | ---- | C] () -- C:\Users\Rugilė\BtpkWmwU.htm
  904. [2013.10.16 11:39:33 | 000,146,099 | ---- | C] () -- C:\Users\Rugilė\VA 6 seminaras.pdf
  905. [2013.10.16 11:39:04 | 000,192,685 | ---- | C] () -- C:\Users\Rugilė\INDUKCIJOS PROBLEMA.pdf
  906. [2013.10.15 22:42:13 | 006,430,555 | ---- | C] () -- C:\Users\Rugilė\e09b353d2879fa1f149b29ecac9ddf04.mp3
  907. [2013.10.14 16:28:37 | 009,530,140 | ---- | C] () -- C:\Users\Rugilė\VA sestapaskaita.zip
  908. [2013.10.14 16:28:30 | 001,482,714 | ---- | C] () -- C:\Users\Rugilė\IMG_20131014_145433.jpg
  909. [2013.10.14 16:28:27 | 001,710,484 | ---- | C] () -- C:\Users\Rugilė\IMG_20131014_145500.jpg
  910. [2013.10.14 16:28:21 | 001,608,758 | ---- | C] () -- C:\Users\Rugilė\IMG_20131014_145510.jpg
  911. [2013.10.14 16:28:18 | 001,575,338 | ---- | C] () -- C:\Users\Rugilė\IMG_20131014_145521.jpg
  912. [2013.10.14 16:28:15 | 001,576,012 | ---- | C] () -- C:\Users\Rugilė\IMG_20131014_145536.jpg
  913. [2013.10.14 16:28:12 | 001,580,230 | ---- | C] () -- C:\Users\Rugilė\IMG_20131014_145545.jpg
  914. [2013.09.25 18:37:41 | 021,416,616 | ---- | C] () -- C:\Users\Rugilė\savizudybe).zip
  915. [2013.09.25 18:36:52 | 017,475,973 | ---- | C] () -- C:\Users\Rugilė\savuzzzudybe.zip
  916. [2013.09.23 19:04:12 | 000,130,868 | ---- | C] () -- C:\Users\Rugilė\img.lrytas.lt
  917. [2013.09.23 19:03:58 | 000,091,834 | ---- | C] () -- C:\Users\Rugilė\1170683_664599760219780_1102153932_n.jpg
  918. [2013.09.16 16:18:00 | 004,386,651 | ---- | C] () -- C:\Users\Rugilė\Sti2.zip
  919. [2013.09.16 16:16:50 | 021,571,087 | ---- | C] () -- C:\Users\Rugilė\Sti.zip
  920. [2013.09.16 16:14:06 | 018,427,819 | ---- | C] () -- C:\Users\Rugilė\VA tekstas.zip
  921. [2013.09.12 17:29:08 | 000,287,211 | ---- | C] () -- C:\Users\Rugilė\Lemert - social theory.pdf
  922. [2013.09.12 17:28:37 | 021,238,350 | ---- | C] () -- C:\Users\Rugilė\Discovering Statistics Using SPSS (Introducing Statistical Method), 3rd edition.pdf
  923. [2013.09.12 14:46:37 | 025,360,196 | ---- | C] () -- C:\Users\Rugilė\Nisbetas1.zip
  924. [2013.09.03 12:39:58 | 003,211,672 | ---- | C] () -- C:\Users\Rugilė\Italu_kalbos_pratimai_pradedantiems_Luca_Pavan.pdf
  925. [2012.08.18 23:28:32 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
  926. [2012.06.15 20:12:52 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
  927. [2012.03.25 06:27:56 | 000,765,636 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
  928. [2012.02.15 12:51:02 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
  929. [2012.02.15 12:51:02 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
  930. [2012.02.15 12:44:24 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
  931. [2012.02.15 12:01:52 | 013,020,160 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
  932. [2012.02.03 07:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
  933.  
  934. [color=#E56717]========== ZeroAccess Check ==========[/color]
  935.  
  936. [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
  937.  
  938. [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
  939.  
  940. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
  941.  
  942. [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
  943.  
  944. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
  945.  
  946. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
  947. "" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
  948. "ThreadingModel" = Apartment
  949.  
  950. [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
  951. "" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
  952. "ThreadingModel" = Apartment
  953.  
  954. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
  955. "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
  956. "ThreadingModel" = Free
  957.  
  958. [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
  959. "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
  960. "ThreadingModel" = Free
  961.  
  962. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
  963. "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
  964. "ThreadingModel" = Both
  965.  
  966. [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
  967.  
  968. [color=#E56717]========== LOP Check ==========[/color]
  969.  
  970. [2013.05.10 09:39:22 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
  971. [2013.05.10 09:39:22 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
  972. [2013.04.29 21:41:26 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Applian FLV and Media Player
  973. [2013.08.29 15:04:27 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\AVG
  974. [2013.08.29 13:04:00 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\AVG2013
  975. [2012.11.14 22:45:58 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Babylon
  976. [2012.11.14 22:46:20 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\BabylonToolbar
  977. [2013.11.11 21:19:37 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\BitTorrent Sync
  978. [2013.11.04 17:52:54 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Eclipse
  979. [2013.11.11 21:32:44 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\iSafe
  980. [2012.09.08 12:08:26 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Opera
  981. [2013.04.23 00:02:17 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Oracle
  982. [2013.12.19 23:41:54 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\SoftGrid Client
  983. [2013.12.10 17:20:28 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\SPSSInc
  984. [2012.08.18 13:34:59 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Synaptics
  985. [2012.08.18 13:37:55 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\TP
  986. [2013.04.29 21:44:55 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\TuneUp Software
  987. [2014.01.23 12:49:38 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\uTorrent
  988. [2014.01.19 12:19:54 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\WildTangent
  989. [2013.11.11 21:14:05 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\WinZipper
  990. [2014.01.12 13:04:06 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\_MDLogs
  991.  
  992. [color=#E56717]========== Purity Check ==========[/color]
  993.  
  994.  
  995.  
  996. [color=#E56717]========== Custom Scans ==========[/color]
  997.  
  998. [color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color]
  999. [2010.11.21 05:23:51 | 000,383,786 | RHS- | M] () -- C:\bootmgr
  1000. [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
  1001. [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
  1002. [2007.11.07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
  1003. [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
  1004. [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
  1005. [2007.11.07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
  1006. [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
  1007. [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
  1008. [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
  1009. [2007.11.07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
  1010. [2014.01.23 19:16:47 | 3144,396,800 | -HS- | M] () -- C:\hiberfil.sys
  1011. [2007.11.07 08:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe
  1012. [2007.11.07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
  1013. [2007.11.07 08:44:20 | 000,075,280 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
  1014. [2007.11.07 08:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
  1015. [2007.11.07 08:44:20 | 000,090,128 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
  1016. [2007.11.07 08:44:20 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
  1017. [2007.11.07 08:44:20 | 000,094,224 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
  1018. [2007.11.07 08:44:20 | 000,080,400 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
  1019. [2007.11.07 08:44:20 | 000,078,864 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
  1020. [2007.11.07 08:44:20 | 000,074,768 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
  1021. [2007.11.07 08:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
  1022. [2014.01.23 19:16:47 | 4192,530,432 | -HS- | M] () -- C:\pagefile.sys
  1023. [2013.04.29 21:37:34 | 000,000,041 | ---- | M] () -- C:\user.js
  1024. [2007.11.07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
  1025. [2007.11.07 08:50:40 | 001,927,956 | ---- | M] () -- C:\VC_RED.cab
  1026. [2007.11.07 08:53:12 | 000,242,176 | ---- | M] () -- C:\VC_RED.MSI
  1027. [2013.11.11 20:47:21 | 000,000,000 | ---- | M] () -- C:\Web Data
  1028.  
  1029. [color=#A23BEC]< %USERPROFILE%\*.* >[/color]
  1030. [2013.10.02 22:01:52 | 000,033,792 | ---- | M] () -- C:\Users\Rugilė\.....doc
  1031. [2013.09.23 19:03:59 | 000,091,834 | ---- | M] () -- C:\Users\Rugilė\1170683_664599760219780_1102153932_n.jpg
  1032. [2013.10.16 20:23:52 | 004,459,922 | ---- | M] () -- C:\Users\Rugilė\17896_070825031503.mp3
  1033. [2013.10.16 20:21:10 | 000,000,570 | ---- | M] () -- C:\Users\Rugilė\633434535879218750.mp3
  1034. [2013.11.28 16:49:37 | 012,089,065 | ---- | M] () -- C:\Users\Rugilė\althusser.zip
  1035. [2013.10.16 20:20:57 | 000,036,766 | ---- | M] () -- C:\Users\Rugilė\BtpkWmwU.htm
  1036. [2014.01.06 20:39:54 | 000,000,000 | ---- | M] () -- C:\Users\Rugilė\daemonprocess.txt
  1037. [2013.10.08 21:17:32 | 000,016,722 | ---- | M] () -- C:\Users\Rugilė\Dažnių pasiskirstymas yra pateikiamas  dažnių lentelėse.docx
  1038. [2013.09.11 23:32:44 | 021,238,350 | ---- | M] () -- C:\Users\Rugilė\Discovering Statistics Using SPSS (Introducing Statistical Method), 3rd edition.pdf
  1039. [2013.12.16 22:44:49 | 000,083,107 | ---- | M] () -- C:\Users\Rugilė\doge.jpg
  1040. [2013.10.16 20:25:10 | 000,003,214 | ---- | M] () -- C:\Users\Rugilė\download.php
  1041. [2013.10.15 22:42:19 | 006,430,555 | ---- | M] () -- C:\Users\Rugilė\e09b353d2879fa1f149b29ecac9ddf04.mp3
  1042. [2013.09.23 19:04:13 | 000,130,868 | ---- | M] () -- C:\Users\Rugilė\img.lrytas.lt
  1043. [2013.10.14 13:54:33 | 001,482,714 | ---- | M] () -- C:\Users\Rugilė\IMG_20131014_145433.jpg
  1044. [2013.10.14 13:55:00 | 001,710,484 | ---- | M] () -- C:\Users\Rugilė\IMG_20131014_145500.jpg
  1045. [2013.10.14 13:55:10 | 001,608,758 | ---- | M] () -- C:\Users\Rugilė\IMG_20131014_145510.jpg
  1046. [2013.10.14 13:55:21 | 001,575,338 | ---- | M] () -- C:\Users\Rugilė\IMG_20131014_145521.jpg
  1047. [2013.10.14 13:55:36 | 001,576,012 | ---- | M] () -- C:\Users\Rugilė\IMG_20131014_145536.jpg
  1048. [2013.10.14 13:55:46 | 001,580,230 | ---- | M] () -- C:\Users\Rugilė\IMG_20131014_145545.jpg
  1049. [2013.10.16 11:39:05 | 000,192,685 | ---- | M] () -- C:\Users\Rugilė\INDUKCIJOS PROBLEMA.pdf
  1050. [2013.09.03 12:39:58 | 003,211,672 | ---- | M] () -- C:\Users\Rugilė\Italu_kalbos_pratimai_pradedantiems_Luca_Pavan.pdf
  1051. [2013.11.25 18:41:13 | 000,047,616 | ---- | M] () -- C:\Users\Rugilė\Juralevičienė Jūratė.doc
  1052. [2013.12.02 21:09:39 | 000,027,136 | ---- | M] () -- C:\Users\Rugilė\kad valstyb.doc
  1053. [2013.12.16 12:07:25 | 000,033,280 | ---- | M] () -- C:\Users\Rugilė\kmKARTOJIMAS.doc
  1054. [2013.09.07 17:37:32 | 000,287,211 | ---- | M] () -- C:\Users\Rugilė\Lemert - social theory.pdf
  1055. [2013.11.25 18:43:26 | 000,042,496 | ---- | M] () -- C:\Users\Rugilė\Nakrošis Vitalis.doc
  1056. [2013.09.12 14:47:52 | 025,360,196 | ---- | M] () -- C:\Users\Rugilė\Nisbetas1.zip
  1057. [2014.01.23 19:32:16 | 005,767,168 | -HS- | M] () -- C:\Users\Rugilė\NTUSER.DAT
  1058. [2014.01.23 19:32:16 | 000,262,144 | -HS- | M] () -- C:\Users\Rugilė\ntuser.dat.LOG1
  1059. [2012.08.18 13:30:49 | 000,000,000 | -HS- | M] () -- C:\Users\Rugilė\ntuser.dat.LOG2
  1060. [2012.08.18 13:53:49 | 000,065,536 | -HS- | M] () -- C:\Users\Rugilė\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
  1061. [2012.08.18 13:53:49 | 000,524,288 | -HS- | M] () -- C:\Users\Rugilė\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
  1062. [2012.08.18 13:53:49 | 000,524,288 | -HS- | M] () -- C:\Users\Rugilė\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
  1063. [2013.08.29 18:46:53 | 000,065,536 | -HS- | M] () -- C:\Users\Rugilė\NTUSER.DAT{9145ae8d-10ca-11e3-beac-685d4346a103}.TM.blf
  1064. [2013.08.29 18:46:53 | 000,524,288 | -HS- | M] () -- C:\Users\Rugilė\NTUSER.DAT{9145ae8d-10ca-11e3-beac-685d4346a103}.TMContainer00000000000000000001.regtrans-ms
  1065. [2013.08.29 18:46:53 | 000,524,288 | -HS- | M] () -- C:\Users\Rugilė\NTUSER.DAT{9145ae8d-10ca-11e3-beac-685d4346a103}.TMContainer00000000000000000002.regtrans-ms
  1066. [2012.08.18 13:30:50 | 000,000,020 | -HS- | M] () -- C:\Users\Rugilė\ntuser.ini
  1067. [2013.09.25 18:37:51 | 021,416,616 | ---- | M] () -- C:\Users\Rugilė\savizudybe).zip
  1068. [2013.09.25 18:37:21 | 017,475,973 | ---- | M] () -- C:\Users\Rugilė\savuzzzudybe.zip
  1069. [2013.10.16 20:21:48 | 004,199,415 | ---- | M] () -- C:\Users\Rugilė\shape of my heart.mp3
  1070. [2013.10.17 21:31:04 | 000,020,213 | ---- | M] () -- C:\Users\Rugilė\Simbolinis interakcionizmas.docx
  1071. [2013.11.28 19:55:11 | 000,050,688 | ---- | M] () -- C:\Users\Rugilė\SMF KONSPEKTAS.doc
  1072. [2013.09.18 10:55:54 | 000,029,696 | ---- | M] () -- C:\Users\Rugilė\SMF PASKAITA.doc
  1073. [2013.10.24 16:48:29 | 000,031,744 | ---- | M] () -- C:\Users\Rugilė\SMFANTRAS.doc
  1074. [2013.10.30 11:32:41 | 000,038,912 | ---- | M] () -- C:\Users\Rugilė\smfastuoni.doc
  1075. [2013.11.27 13:27:28 | 000,035,840 | ---- | M] () -- C:\Users\Rugilė\smfdvylika.doc
  1076. [2013.12.12 22:27:27 | 000,019,756 | ---- | M] () -- C:\Users\Rugilė\smfseminaras keturioliktas.docx
  1077. [2013.09.18 10:45:55 | 000,031,232 | ---- | M] () -- C:\Users\Rugilė\ST PASKAITA.doc
  1078. [2013.09.18 21:23:16 | 000,059,904 | ---- | M] () -- C:\Users\Rugilė\STI konspektas.doc
  1079. [2013.11.06 09:18:55 | 000,932,195 | ---- | M] () -- C:\Users\Rugilė\STI KONSPEKTAS.pdf
  1080. [2013.10.16 18:27:07 | 000,016,231 | ---- | M] () -- C:\Users\Rugilė\STI PASKAITA.doc
  1081. [2013.09.16 16:17:48 | 021,571,087 | ---- | M] () -- C:\Users\Rugilė\Sti.zip
  1082. [2013.09.16 16:18:11 | 004,386,651 | ---- | M] () -- C:\Users\Rugilė\Sti2.zip
  1083. [2013.12.09 18:12:43 | 000,031,232 | ---- | M] () -- C:\Users\Rugilė\stiliet.doc
  1084. [2013.10.28 17:50:09 | 000,027,648 | ---- | M] () -- C:\Users\Rugilė\STĮJJJ.doc
  1085. [2013.11.18 22:00:42 | 000,038,400 | ---- | M] () -- C:\Users\Rugilė\Tirštasis aprašymas.doc
  1086. [2013.09.24 15:15:01 | 000,030,208 | ---- | M] () -- C:\Users\Rugilė\TYRIMO INSTRUMENTAS.doc
  1087. [2013.10.16 11:39:34 | 000,146,099 | ---- | M] () -- C:\Users\Rugilė\VA 6 seminaras.pdf
  1088. [2013.11.25 18:49:13 | 000,045,056 | ---- | M] () -- C:\Users\Rugilė\VA PRISTATYMAS (Rugilė J.).doc
  1089. [2013.10.01 14:55:05 | 000,043,520 | ---- | M] () -- C:\Users\Rugilė\VA PRISTATYMAS.doc
  1090. [2013.11.25 18:44:26 | 000,751,104 | ---- | M] () -- C:\Users\Rugilė\VA seminaru konspektas(1).doc
  1091. [2013.10.09 09:12:37 | 000,213,509 | ---- | M] () -- C:\Users\Rugilė\VA seminaru konspektas.doc
  1092. [2013.10.14 16:28:54 | 009,530,140 | ---- | M] () -- C:\Users\Rugilė\VA sestapaskaita.zip
  1093. [2013.09.16 16:14:29 | 018,427,819 | ---- | M] () -- C:\Users\Rugilė\VA tekstas.zip
  1094. [2013.11.26 21:01:03 | 000,103,936 | ---- | M] () -- C:\Users\Rugilė\va.doc
  1095. [2013.10.01 16:12:22 | 002,118,499 | ---- | M] () -- C:\Users\Rugilė\VAPRISTATYMAS.pptx
  1096. [2013.11.25 18:52:29 | 002,127,996 | ---- | M] () -- C:\Users\Rugilė\VAPRISTATYMASgeras.pptx
  1097. [2013.12.04 20:11:23 | 000,019,454 | ---- | M] () -- C:\Users\Rugilė\Viena iš svarbiausių viešojo sektoriaus sričių.docx
  1098. [2013.12.09 23:11:37 | 000,020,296 | ---- | M] () -- C:\Users\Rugilė\Vilniaus universitetas.docx
  1099. [2013.11.26 19:47:16 | 000,035,328 | ---- | M] () -- C:\Users\Rugilė\Weber.doc
  1100. [2013.10.03 22:27:13 | 000,018,247 | ---- | M] () -- C:\Users\Rugilė\Well.docx
  1101. [2013.11.04 17:47:10 | 001,608,681 | ---- | M] () -- C:\Users\Rugilė\ZA4775_v1-0-0.sav
  1102.  
  1103. [color=#A23BEC]< %USERPROFILE%\AppData\Local\*.* >[/color]
  1104. [2014.01.07 10:24:32 | 000,109,976 | ---- | M] () -- C:\Users\Rugilė\AppData\Local\GDIPFONTCACHEV1.DAT
  1105. [2014.01.23 19:16:05 | 000,843,133 | -H-- | M] () -- C:\Users\Rugilė\AppData\Local\IconCache.db
  1106.  
  1107. [color=#A23BEC]< %USERPROFILE%\AppData\Local\*. >[/color]
  1108. [2012.09.05 11:40:47 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Adobe
  1109. [2012.08.18 13:30:50 | 000,000,000 | -HSD | M] -- C:\Users\Rugilė\AppData\Local\Application Data
  1110. [2012.08.18 13:31:28 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\AuthenTec
  1111. [2013.08.29 13:09:24 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Avg2013
  1112. [2014.01.06 20:39:55 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\cache
  1113. [2012.09.05 12:06:02 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Conduit
  1114. [2014.01.22 11:53:50 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\CrashDumps
  1115. [2012.09.05 12:06:07 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\CRE
  1116. [2012.08.18 14:06:22 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\CyberLink
  1117. [2014.01.10 19:59:49 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Diagnostics
  1118. [2013.08.29 12:47:59 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Discount Buddy
  1119. [2014.01.06 20:39:55 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\genienext
  1120. [2012.09.05 12:06:07 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Google
  1121. [2012.11.05 18:51:39 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Hewlett-Packard
  1122. [2012.08.18 13:31:13 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Hewlett-Packard_Company
  1123. [2012.08.18 13:30:50 | 000,000,000 | -HSD | M] -- C:\Users\Rugilė\AppData\Local\History
  1124. [2013.09.24 16:37:13 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\HP
  1125. [2013.11.11 21:27:03 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\IBM
  1126. [2012.08.18 13:31:02 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Intel
  1127. [2013.12.10 17:20:09 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\javasharedresources
  1128. [2013.09.03 14:40:35 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Macromedia
  1129. [2013.04.24 17:48:37 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\MFAData
  1130. [2014.01.06 17:40:54 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft
  1131. [2014.01.08 21:21:36 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft Games
  1132. [2013.01.11 22:48:52 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft Help
  1133. [2014.01.06 21:05:46 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Mobogenie
  1134. [2013.10.01 17:19:49 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Mozilla
  1135. [2012.09.08 12:08:26 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Opera
  1136. [2014.01.23 12:04:13 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Programs
  1137. [2012.08.18 13:31:14 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\RemEngine
  1138. [2012.08.18 14:01:07 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\SoftGrid Client
  1139. [2014.01.23 19:29:56 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Temp
  1140. [2012.08.18 13:30:50 | 000,000,000 | -HSD | M] -- C:\Users\Rugilė\AppData\Local\Temporary Internet Files
  1141. [2014.01.06 21:02:26 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\VirtualStore
  1142. [2013.03.05 22:25:44 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\{0B0842A6-736E-492E-9B3C-7557710FD55F}
  1143. [2013.03.05 22:17:59 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\{1505EFF1-88A1-4716-BE75-16FCD5468557}
  1144. [2013.02.25 20:51:24 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\{9A997684-D6B1-4236-97BA-09F58420B37E}
  1145.  
  1146. [color=#A23BEC]< %USERPROFILE%\AppData\Local\temp\*.exe >[/color]
  1147. [2013.11.11 20:15:03 | 001,541,736 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Rugilė\AppData\Local\temp\BTSync.exe
  1148. [2008.10.15 12:42:52 | 000,050,432 | ---- | M] () -- C:\Users\Rugilė\AppData\Local\temp\Extract.exe
  1149. [2013.08.29 13:03:06 | 004,543,000 | ---- | M] (AVG Secure Search) -- C:\Users\Rugilė\AppData\Local\temp\oi_{FA5A2C24-7276-4C0F-A37E-7FA65D9065F4}.exe
  1150. [2014.01.06 19:58:48 | 028,419,680 | ---- | M] () -- C:\Users\Rugilė\AppData\Local\temp\Softonic_EN_1-5-4_EN.exe
  1151. [2013.07.24 15:57:48 | 006,657,472 | ---- | M] (Hewlett-Packard Company                                     ) -- C:\Users\Rugilė\AppData\Local\temp\SP59551.exe
  1152. [2013.08.01 09:59:34 | 009,982,176 | ---- | M] (Hewlett-Packard                                             ) -- C:\Users\Rugilė\AppData\Local\temp\SP61037.exe
  1153. [2013.08.01 10:03:38 | 069,668,656 | ---- | M] (Hewlett-Packard                                             ) -- C:\Users\Rugilė\AppData\Local\temp\SP61399.exe
  1154. [2014.01.08 17:50:38 | 001,968,152 | ---- | M] (AVG Technologies) -- C:\Users\Rugilė\AppData\Local\temp\UNINSTALL.exe
  1155. [39 C:\Users\Rugilė\AppData\Local\temp\*.tmp files -> C:\Users\Rugilė\AppData\Local\temp\*.tmp -> ]
  1156.  
  1157. [color=#A23BEC]< %USERPROFILE%\AppData\Roaming\*.* >[/color]
  1158.  
  1159. [color=#A23BEC]< %USERPROFILE%\AppData\Roaming\*. >[/color]
  1160. [2012.09.05 11:40:47 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Adobe
  1161. [2013.04.29 21:41:26 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Applian FLV and Media Player
  1162. [2013.08.29 15:04:27 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\AVG
  1163. [2013.08.29 13:04:00 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\AVG2013
  1164. [2012.11.14 22:45:58 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Babylon
  1165. [2012.11.14 22:46:20 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\BabylonToolbar
  1166. [2013.11.11 21:19:37 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\BitTorrent Sync
  1167. [2012.08.18 14:06:22 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\CyberLink
  1168. [2013.11.04 17:52:54 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Eclipse
  1169. [2013.04.29 21:44:01 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\GRETECH
  1170. [2012.08.25 16:15:18 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Hewlett-Packard
  1171. [2014.01.23 12:47:05 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\HPP
  1172. [2012.09.09 12:16:54 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\hpqlog
  1173. [2012.08.18 13:34:41 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Identities
  1174. [2012.08.18 13:30:51 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Intel
  1175. [2013.11.11 21:32:44 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\iSafe
  1176. [2012.08.18 13:52:53 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Macromedia
  1177. [2014.01.23 12:04:28 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Malwarebytes
  1178. [2012.06.15 20:56:29 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Media Center Programs
  1179. [2013.01.11 22:48:52 | 000,000,000 | --SD | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft
  1180. [2012.09.08 12:06:52 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Mozilla
  1181. [2012.09.08 12:08:26 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Opera
  1182. [2013.04.23 00:02:17 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Oracle
  1183. [2013.11.11 23:04:38 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Skype
  1184. [2013.12.19 23:41:54 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\SoftGrid Client
  1185. [2013.12.10 17:20:28 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\SPSSInc
  1186. [2012.08.18 13:31:02 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Symantec
  1187. [2012.08.18 13:34:59 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Synaptics
  1188. [2012.08.18 13:37:55 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\TP
  1189. [2013.04.29 21:44:55 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\TuneUp Software
  1190. [2014.01.23 12:49:38 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\uTorrent
  1191. [2014.01.19 12:19:54 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\WildTangent
  1192. [2013.11.11 21:14:05 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\WinZipper
  1193. [2014.01.12 13:04:06 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\_MDLogs
  1194.  
  1195. [color=#A23BEC]< %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates\*.* >[/color]
  1196.  
  1197. [color=#A23BEC]< %USERPROFILE%\AppData\Local\Microsoft\*.* >[/color]
  1198.  
  1199. [color=#A23BEC]< %USERPROFILE%\AppData\Local\Microsoft\*. >[/color]
  1200. [2013.01.10 10:18:22 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\Assistance
  1201. [2014.01.16 15:53:08 | 000,000,000 | --SD | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\Credentials
  1202. [2014.01.13 19:11:09 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\Device Metadata
  1203. [2013.10.11 08:20:58 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\Device Stage
  1204. [2012.08.18 13:34:53 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\Feeds
  1205. [2013.09.02 09:08:01 | 000,000,000 | -HSD | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\Feeds Cache
  1206. [2013.05.07 20:09:20 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\FORMS
  1207. [2012.09.05 11:40:47 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\IME12
  1208. [2012.09.05 11:40:47 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\IMJP12
  1209. [2012.09.05 11:40:47 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\IMJP8_1
  1210. [2012.09.05 11:40:47 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\IMJP9_0
  1211. [2013.11.20 21:52:45 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\Internet Explorer
  1212. [2013.12.13 08:13:57 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\Media Player
  1213. [2012.09.05 12:03:25 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\Messenger
  1214. [2013.11.25 11:11:40 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\NetTraces
  1215. [2012.09.27 18:54:41 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\Office
  1216. [2012.11.13 22:17:50 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\OIS
  1217. [2014.01.12 10:16:25 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\Outlook
  1218. [2013.11.20 08:05:54 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\PlayReady
  1219. [2013.12.10 21:56:21 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\Portable Devices
  1220. [2012.08.29 12:27:55 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\Vault
  1221. [2013.11.20 08:05:53 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\Windows
  1222. [2013.02.25 20:51:24 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\Windows Live
  1223. [2013.02.25 20:51:11 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\Windows Live Movie Maker
  1224. [2013.02.25 20:51:10 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\Windows Live Photo Gallery
  1225. [2012.08.18 13:34:54 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\Windows Mail
  1226. [2012.08.18 13:34:47 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\Windows Media
  1227. [2013.04.26 14:22:28 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\Windows Sidebar
  1228. [2013.05.22 21:48:12 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\WLSetup
  1229.  
  1230. [color=#A23BEC]< %USERPROFILE%\AppData\Roaming\Microsoft\*.* >[/color]
  1231.  
  1232. [color=#A23BEC]< %USERPROFILE%\AppData\Roaming\Microsoft\*. >[/color]
  1233. [2012.08.18 13:31:13 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\CLR Security Config
  1234. [2013.01.11 22:48:52 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\CLView
  1235. [2012.08.18 13:30:50 | 000,000,000 | --SD | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\Credentials
  1236. [2013.05.01 19:48:37 | 000,000,000 | --SD | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\Crypto
  1237. [2012.10.15 17:38:57 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\Document Building Blocks
  1238. [2014.01.22 16:25:39 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\Excel
  1239. [2012.08.18 13:36:40 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\HTML Help
  1240. [2012.09.05 11:40:47 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\IME12
  1241. [2012.09.05 11:40:47 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\IMJP12
  1242. [2012.09.05 11:40:47 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\IMJP8_1
  1243. [2012.09.05 11:40:47 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\IMJP9_0
  1244. [2012.09.07 11:54:40 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\Internet Explorer
  1245. [2012.09.05 12:03:40 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\MSN Messenger
  1246. [2012.08.18 13:31:29 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\Network
  1247. [2013.12.19 23:41:53 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\Office
  1248. [2012.11.13 22:17:58 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\OIS
  1249. [2013.12.19 23:37:45 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\PowerPoint
  1250. [2012.08.29 12:58:22 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\Priedai
  1251. [2012.09.04 19:54:21 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\Proof
  1252. [2013.09.24 16:37:15 | 000,000,000 | --SD | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\Protect
  1253. [2012.09.05 11:40:47 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\Speech
  1254. [2013.05.01 19:48:37 | 000,000,000 | --SD | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\SystemCertificates
  1255. [2012.10.02 17:34:33 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\Templates
  1256. [2012.10.15 17:38:56 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\Tikrinimas
  1257. [2013.11.11 21:58:57 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\UProof
  1258. [2012.08.29 12:27:55 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\Vault
  1259. [2013.11.20 08:05:54 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\Windows
  1260. [2013.05.09 14:17:26 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\Windows Photo Viewer
  1261. [2014.01.22 16:28:11 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\Word
  1262. [2014.01.22 16:33:50 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\Šablonai
  1263.  
  1264. [color=#A23BEC]< %windir%\AppPatch\*.* >[/color]
  1265. [2013.04.13 06:45:15 | 002,176,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcGenral.dll
  1266. [2012.10.16 09:39:52 | 000,561,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcLayers.dll
  1267. [2009.07.14 03:03:47 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcRes.dll
  1268. [2013.04.13 06:45:16 | 000,474,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcSpecfc.dll
  1269. [2013.08.29 03:48:15 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\acwow64.dll
  1270. [2009.07.14 03:14:52 | 000,211,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcXtrnal.dll
  1271. [2009.07.14 03:14:53 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\apihex86.dll
  1272. [2013.04.13 01:33:29 | 000,151,630 | ---- | M] () -- C:\Windows\AppPatch\drvmain.sdb
  1273. [2012.03.25 05:56:19 | 001,826,582 | ---- | M] () -- C:\Windows\AppPatch\msimain.sdb
  1274. [2012.03.25 05:56:19 | 000,044,930 | ---- | M] () -- C:\Windows\AppPatch\pcamain.sdb
  1275. [2013.04.13 01:33:26 | 004,080,530 | ---- | M] () -- C:\Windows\AppPatch\sysmain.sdb
  1276.  
  1277. [color=#A23BEC]< %windir%\AppPatch\*. >[/color]
  1278. [2013.05.16 11:40:14 | 000,000,000 | ---D | M] -- C:\Windows\AppPatch\AppPatch64
  1279. [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\Windows\AppPatch\Custom
  1280. [2010.11.21 09:06:49 | 000,000,000 | ---D | M] -- C:\Windows\AppPatch\en-US
  1281.  
  1282. [color=#A23BEC]< %Public%\Documents\*.* >[/color]
  1283. [2013.08.29 16:47:10 | 000,000,278 | -HS- | M] () -- C:\Users\Public\Documents\desktop.ini
  1284.  
  1285. [color=#A23BEC]< %Public%\Documents\*. >[/color]
  1286. [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Public\Documents\My Music
  1287. [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Public\Documents\My Pictures
  1288. [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Public\Documents\My Videos
  1289. [2012.06.15 20:15:06 | 000,000,000 | ---D | M] -- C:\Users\Public\Documents\YouCam
  1290.  
  1291. [color=#A23BEC]< %ProgramData%\*.* >[/color]
  1292.  
  1293. [color=#A23BEC]< %ProgramData%\*. >[/color]
  1294. [2012.09.05 11:43:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe
  1295. [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
  1296. [2013.08.29 15:04:43 | 000,000,000 | ---D | M] -- C:\ProgramData\AVG
  1297. [2013.08.29 13:03:37 | 000,000,000 | ---D | M] -- C:\ProgramData\AVG2013
  1298. [2012.11.14 22:45:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
  1299. [2013.04.24 17:48:37 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files
  1300. [2012.08.18 14:06:35 | 000,000,000 | ---D | M] -- C:\ProgramData\CyberLink
  1301. [2013.01.07 17:31:15 | 000,000,000 | ---D | M] -- C:\ProgramData\DatacardService
  1302. [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
  1303. [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
  1304. [2013.09.02 13:12:59 | 000,000,000 | ---D | M] -- C:\ProgramData\Downloaded Installations
  1305. [2013.11.11 21:20:14 | 000,000,000 | ---D | M] -- C:\ProgramData\eSafe
  1306. [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
  1307. [2013.09.02 13:07:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Hewlett-Packard
  1308. [2013.09.02 13:12:45 | 000,000,000 | ---D | M] -- C:\ProgramData\HP SimplePass 2011
  1309. [2012.09.09 12:15:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Intel
  1310. [2013.04.09 20:34:41 | 000,000,000 | ---D | M] -- C:\ProgramData\log
  1311. [2014.01.23 12:04:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes
  1312. [2014.01.23 19:31:38 | 000,000,000 | ---D | M] -- C:\ProgramData\MCShield
  1313. [2014.01.23 17:50:41 | 000,000,000 | ---D | M] -- C:\ProgramData\MFAData
  1314. [2014.01.06 17:40:55 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft
  1315. [2013.12.12 00:26:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help
  1316. [2012.09.08 12:06:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Mozilla
  1317. [2013.08.29 12:41:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Norton
  1318. [2013.04.24 17:20:40 | 000,000,000 | ---D | M] -- C:\ProgramData\NortonInstaller
  1319. [2013.01.07 17:31:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Omnitel mobilusis internetas
  1320. [2013.10.25 07:00:58 | 000,000,000 | ---D | M] -- C:\ProgramData\OnlineUpdate
  1321. [2012.06.15 20:06:26 | 000,000,000 | ---D | M] -- C:\ProgramData\Roaming
  1322. [2013.11.04 17:51:20 | 000,000,000 | ---D | M] -- C:\ProgramData\SafeNet Sentinel
  1323. [2013.11.11 23:04:25 | 000,000,000 | ---D | M] -- C:\ProgramData\Skype
  1324. [2014.01.06 21:01:49 | 000,000,000 | ---D | M] -- C:\ProgramData\SPSS
  1325. [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
  1326. [2013.04.22 23:57:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun
  1327. [2012.09.05 12:03:32 | 000,000,000 | ---D | M] -- C:\ProgramData\SweetIM
  1328. [2012.06.15 20:28:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Synaptics
  1329. [2012.11.14 22:46:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Tarma Installer
  1330. [2012.09.02 08:55:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Tele2 Mobile Partner
  1331. [2012.06.15 20:20:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
  1332. [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
  1333. [2013.09.02 13:29:16 | 000,000,000 | ---D | M] -- C:\ProgramData\TrueSuite
  1334. [2013.04.29 21:44:55 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
  1335. [2012.09.03 14:01:38 | 000,000,000 | ---D | M] -- C:\ProgramData\VirtualizedApplications
  1336. [2014.01.19 12:19:54 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
  1337. [2012.11.19 22:21:09 | 000,000,000 | ---D | M] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
  1338. [2013.04.29 21:44:43 | 000,000,000 | -HSD | M] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
  1339. [2013.08.29 12:29:10 | 000,000,000 | -HSD | M] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
  1340.  
  1341. [color=#A23BEC]< %CommonProgramFiles%\*.* >[/color]
  1342.  
  1343. [color=#A23BEC]< %CommonProgramFiles%\*. >[/color]
  1344. [2014.01.23 12:47:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\337
  1345. [2012.03.25 06:42:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Adobe
  1346. [2013.09.02 13:12:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\AuthenTec
  1347. [2012.08.18 13:37:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\DESIGNER
  1348. [2013.11.04 17:50:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\IBM
  1349. [2012.06.15 20:04:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Intel
  1350. [2012.06.15 20:17:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Intel Corporation
  1351. [2013.09.16 21:50:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\microsoft shared
  1352. [2012.06.15 20:08:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\postureAgent
  1353. [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Services
  1354. [2012.08.18 14:18:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Skype
  1355. [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\SpeechEngines
  1356. [2014.01.06 20:34:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\SPSS
  1357. [2012.09.03 14:31:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Symantec Shared
  1358. [2012.11.15 02:11:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\System
  1359. [2012.03.25 06:39:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Windows Live
  1360.  
  1361. [color=#A23BEC]< %CommonProgramFiles%\ComObjects\*.exe >[/color]
  1362.  
  1363. [color=#A23BEC]< %ProgramFiles%\*.* >[/color]
  1364. [2013.08.29 16:47:11 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
  1365.  
  1366. [color=#A23BEC]< %ProgramFiles%\*. >[/color]
  1367. [2012.09.25 08:41:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\1ClickDownload
  1368. [2012.03.25 06:38:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Absolute Software
  1369. [2012.03.25 06:42:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
  1370. [2012.09.28 13:34:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Alkonas
  1371. [2014.01.23 11:59:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVG
  1372. [2012.11.14 22:46:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BabylonToolbar
  1373. [2012.09.09 12:14:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cisco
  1374. [2014.01.23 12:00:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
  1375. [2012.09.05 12:06:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Conduit
  1376. [2012.06.15 20:15:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
  1377. [2014.01.12 13:11:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\EasyBits For Kids
  1378. [2012.03.25 06:28:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Evernote
  1379. [2013.04.29 21:43:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GRETECH
  1380. [2013.09.02 13:07:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hewlett-Packard
  1381. [2012.03.25 06:38:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP Games
  1382. [2013.09.02 13:13:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP SimplePass
  1383. [2014.01.06 21:01:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\IBM
  1384. [2012.11.19 22:25:21 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
  1385. [2012.09.09 12:18:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
  1386. [2012.06.15 20:17:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel Corporation
  1387. [2013.12.12 11:30:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
  1388. [2014.01.23 12:04:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
  1389. [2014.01.23 19:18:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MCShield
  1390. [2014.01.06 17:40:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
  1391. [2012.08.29 12:30:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Analysis Services
  1392. [2013.09.16 21:52:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
  1393. [2012.08.29 12:38:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
  1394. [2012.08.29 12:38:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
  1395. [2012.08.29 12:38:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Sync Framework
  1396. [2012.08.29 12:39:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Synchronization Services
  1397. [2012.08.29 12:34:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
  1398. [2012.08.29 12:38:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
  1399. [2013.12.20 09:30:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
  1400. [2013.12.30 11:25:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Maintenance Service
  1401. [2012.08.29 12:39:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
  1402. [2013.01.07 17:31:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Omnitel mobilusis internetas
  1403. [2012.08.18 13:31:19 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Online Services
  1404. [2013.11.04 17:56:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Opera
  1405. [2012.03.25 06:28:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PlayReady
  1406. [2013.11.11 20:14:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\qualitink
  1407. [2012.06.15 20:10:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
  1408. [2009.07.14 07:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
  1409. [2013.11.11 21:33:12 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
  1410. [2014.01.06 20:34:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SPSSInc
  1411. [2014.01.23 12:47:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SweetIM
  1412. [2012.06.15 20:21:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SymSilent
  1413. [2012.09.02 08:55:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Tele2 Mobile Partner
  1414. [2014.01.07 10:24:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TornTV.com
  1415. [2009.07.14 06:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
  1416. [2012.09.05 12:06:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\uTorrentControl_v2
  1417. [2014.01.19 12:20:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WildTangent Games
  1418. [2013.09.02 09:05:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
  1419. [2012.03.25 06:42:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
  1420. [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
  1421. [2013.12.12 11:30:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
  1422. [2009.07.14 07:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
  1423. [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
  1424. [2010.11.21 05:31:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
  1425. [2012.08.18 13:31:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
  1426. [2013.11.11 21:36:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WinZipper
  1427. [2013.04.24 10:46:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yontoo
  1428. [2013.11.04 17:51:10 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Zero G Registry
  1429.  
  1430. [color=#A23BEC]< %programdata%\Microsoft\Windows\DRM\*.tmp >[/color]
  1431.  
  1432. [color=#A23BEC]< %programdata%\Microsoft\DRM\*.tmp >[/color]
  1433.  
  1434. [color=#A23BEC]< %systemroot%\system32\config\systemprofile\AppData\Local\*.* >[/color]
  1435.  
  1436. [color=#A23BEC]< %systemroot%\system32\config\systemprofile\AppData\Local\*. >[/color]
  1437. [2013.08.29 13:09:23 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Local\Avg2013
  1438. [2014.01.06 20:11:45 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Local\CrashDumps
  1439. [2012.08.25 16:01:07 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Local\Hewlett-Packard
  1440. [2013.08.29 11:48:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Local\MFAData
  1441. [2012.08.30 16:02:22 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft
  1442. [2014.01.23 19:16:56 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Local\SoftGrid Client
  1443.  
  1444. [color=#A23BEC]< %systemroot%\system32\config\systemprofile\AppData\Roaming\*.* >[/color]
  1445.  
  1446. [color=#A23BEC]< %systemroot%\system32\config\systemprofile\AppData\Roaming\*. >[/color]
  1447. [2013.09.02 09:16:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\AVG
  1448. [2013.08.29 13:03:37 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\AVG2013
  1449. [2012.03.25 06:46:29 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\hpqLog
  1450. [2012.08.25 16:01:07 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft
  1451. [2014.01.23 19:16:11 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\SoftGrid Client
  1452. [2013.04.30 07:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\TuneUp Software
  1453. [2014.01.19 12:20:10 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\WildTangent
  1454. [2012.08.18 13:37:48 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}
  1455.  
  1456. [color=#A23BEC]< %windir%\SysWOW64\config\systemprofile\AppData\Local\*.* >[/color]
  1457.  
  1458. [color=#A23BEC]< %windir%\SysWOW64\config\systemprofile\AppData\Local\*. >[/color]
  1459. [2013.08.29 13:09:23 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Avg2013
  1460. [2014.01.06 20:11:45 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\CrashDumps
  1461. [2012.08.25 16:01:07 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Hewlett-Packard
  1462. [2013.08.29 11:48:17 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\MFAData
  1463. [2012.08.30 16:02:22 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft
  1464. [2014.01.23 19:16:56 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SoftGrid Client
  1465.  
  1466. [color=#A23BEC]< %windir%\SysWOW64\config\systemprofile\AppData\Roaming\*.* >[/color]
  1467.  
  1468. [color=#A23BEC]< %windir%\SysWOW64\config\systemprofile\AppData\Roaming\*. >[/color]
  1469. [2013.09.02 09:16:38 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\AVG
  1470. [2013.08.29 13:03:37 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\AVG2013
  1471. [2012.03.25 06:46:29 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\hpqLog
  1472. [2012.08.25 16:01:07 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft
  1473. [2014.01.23 19:16:11 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client
  1474. [2013.04.30 07:32:38 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\TuneUp Software
  1475. [2014.01.19 12:20:10 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\WildTangent
  1476. [2012.08.18 13:37:48 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}
  1477.  
  1478. [color=#A23BEC]< %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.tlb >[/color]
  1479.  
  1480. [color=#A23BEC]< %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.tlb >[/color]
  1481.  
  1482. [color=#A23BEC]< %windir%\temp\*.exe >[/color]
  1483. [2013.10.03 19:04:50 | 004,674,584 | ---- | M] (AVG Technologies) -- C:\Windows\temp\{18FA40C4-18B9-4EDC-B481-A67A87BCAC83}.exe
  1484. [2013.11.14 19:44:58 | 004,680,728 | ---- | M] (AVG Technologies) -- C:\Windows\temp\{584C6A47-4AF5-4D31-A60C-373787DCDCB4}.exe
  1485. [2014.01.08 17:50:34 | 004,843,544 | ---- | M] (AVG Technologies) -- C:\Windows\temp\{6E77BC5C-60E2-4165-BDCB-57B6608C4622}.exe
  1486. [2013.12.12 16:43:13 | 004,811,800 | ---- | M] (AVG Technologies) -- C:\Windows\temp\{7C9B45C0-4025-48F1-8BB3-A5590F1020B8}.exe
  1487. [2013.09.19 19:09:06 | 004,547,608 | ---- | M] (AVG Secure Search) -- C:\Windows\temp\{929C7B51-4E7B-44F9-BCBB-350D215DAD15}.exe
  1488. [13 C:\Windows\temp\*.tmp files -> C:\Windows\temp\*.tmp -> ]
  1489.  
  1490. [color=#A23BEC]< %windir%\*. >[/color]
  1491. [2009.07.14 07:32:39 | 000,000,000 | ---D | M] -- C:\Windows\addins
  1492. [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\Windows\AppCompat
  1493. [2013.10.10 15:11:51 | 000,000,000 | ---D | M] -- C:\Windows\AppPatch
  1494. [2013.11.18 10:19:19 | 000,000,000 | R-SD | M] -- C:\Windows\assembly
  1495. [2009.07.14 07:32:38 | 000,000,000 | ---D | M] -- C:\Windows\Boot
  1496. [2009.07.14 07:32:38 | 000,000,000 | ---D | M] -- C:\Windows\Branding
  1497. [2009.07.14 07:32:39 | 000,000,000 | ---D | M] -- C:\Windows\Cursors
  1498. [2007.01.02 03:32:21 | 000,000,000 | ---D | M] -- C:\Windows\debug
  1499. [2009.07.14 07:32:38 | 000,000,000 | ---D | M] -- C:\Windows\diagnostics
  1500. [2009.07.14 07:37:46 | 000,000,000 | ---D | M] -- C:\Windows\DigitalLocker
  1501. [2009.07.14 07:32:39 | 000,000,000 | ---D | M] -- C:\Windows\Downloaded Program Files
  1502. [2012.06.15 20:56:29 | 000,000,000 | ---D | M] -- C:\Windows\ehome
  1503. [2012.03.25 06:41:56 | 000,000,000 | ---D | M] -- C:\Windows\en
  1504. [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\en-US
  1505. [2012.11.19 18:30:24 | 000,000,000 | R-SD | M] -- C:\Windows\Fonts
  1506. [2010.11.21 09:19:26 | 000,000,000 | ---D | M] -- C:\Windows\Globalization
  1507. [2012.11.19 22:25:17 | 000,000,000 | ---D | M] -- C:\Windows\Help
  1508. [2012.06.15 20:10:21 | 000,000,000 | ---D | M] -- C:\Windows\Hewlett-Packard
  1509. [2009.07.14 07:37:46 | 000,000,000 | ---D | M] -- C:\Windows\IME
  1510. [2014.01.23 19:30:21 | 000,000,000 | ---D | M] -- C:\Windows\inf
  1511. [2014.01.23 19:15:57 | 000,000,000 | -HSD | M] -- C:\Windows\Installer
  1512. [2009.07.14 07:32:39 | 000,000,000 | ---D | M] -- C:\Windows\L2Schemas
  1513. [2009.07.14 04:34:24 | 000,000,000 | ---D | M] -- C:\Windows\LiveKernelReports
  1514. [2013.11.19 23:34:30 | 000,000,000 | ---D | M] -- C:\Windows\Logs
  1515. [2009.07.14 07:32:40 | 000,000,000 | R-SD | M] -- C:\Windows\Media
  1516. [2013.11.18 10:19:19 | 000,000,000 | ---D | M] -- C:\Windows\Microsoft.NET
  1517. [2013.11.19 16:00:19 | 000,000,000 | ---D | M] -- C:\Windows\Minidump
  1518. [2009.07.14 04:34:34 | 000,000,000 | ---D | M] -- C:\Windows\ModemLogs
  1519. [2009.07.14 07:32:40 | 000,000,000 | ---D | M] -- C:\Windows\Offline Web Pages
  1520. [2012.08.18 23:26:25 | 000,000,000 | ---D | M] -- C:\Windows\Panther
  1521. [2012.03.25 06:40:41 | 000,000,000 | ---D | M] -- C:\Windows\PCHEALTH
  1522. [2009.07.14 07:32:38 | 000,000,000 | ---D | M] -- C:\Windows\Performance
  1523. [2009.07.14 05:20:10 | 000,000,000 | ---D | M] -- C:\Windows\PLA
  1524. [2013.11.20 08:05:20 | 000,000,000 | ---D | M] -- C:\Windows\PolicyDefinitions
  1525. [2014.01.23 19:28:31 | 000,000,000 | ---D | M] -- C:\Windows\Prefetch
  1526. [2013.04.26 14:22:27 | 000,000,000 | ---D | M] -- C:\Windows\registration
  1527. [2013.12.12 23:30:30 | 000,000,000 | ---D | M] -- C:\Windows\rescache
  1528. [2013.04.29 21:36:01 | 000,000,000 | ---D | M] -- C:\Windows\Resources
  1529. [2009.07.14 04:35:47 | 000,000,000 | ---D | M] -- C:\Windows\SchCache
  1530. [2009.07.14 07:32:38 | 000,000,000 | ---D | M] -- C:\Windows\schemas
  1531. [2009.07.14 05:20:10 | 000,000,000 | ---D | M] -- C:\Windows\security
  1532. [2009.07.14 06:45:47 | 000,000,000 | ---D | M] -- C:\Windows\ServiceProfiles
  1533. [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\servicing
  1534. [2012.03.25 05:53:36 | 000,000,000 | ---D | M] -- C:\Windows\Setup
  1535. [2012.08.29 12:39:26 | 000,000,000 | ---D | M] -- C:\Windows\SHELLNEW
  1536. [2013.04.25 17:00:57 | 000,000,000 | ---D | M] -- C:\Windows\SoftwareDistribution
  1537. [2010.11.21 09:06:49 | 000,000,000 | ---D | M] -- C:\Windows\Speech
  1538. [2009.07.14 04:36:55 | 000,000,000 | ---D | M] -- C:\Windows\system
  1539. [2014.01.23 19:30:22 | 000,000,000 | ---D | M] -- C:\Windows\System32
  1540. [2014.01.23 11:59:48 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64
  1541. [2009.07.14 06:57:13 | 000,000,000 | ---D | M] -- C:\Windows\TAPI
  1542. [2014.01.19 11:59:17 | 000,000,000 | ---D | M] -- C:\Windows\Tasks
  1543. [2014.01.23 19:32:01 | 000,000,000 | ---D | M] -- C:\Windows\Temp
  1544. [2009.07.14 04:34:33 | 000,000,000 | ---D | M] -- C:\Windows\tracing
  1545. [2009.07.14 07:32:39 | 000,000,000 | ---D | M] -- C:\Windows\twain_32
  1546. [2009.07.14 05:20:14 | 000,000,000 | ---D | M] -- C:\Windows\Vss
  1547. [2009.07.14 07:32:38 | 000,000,000 | ---D | M] -- C:\Windows\Web
  1548. [2014.01.16 15:52:44 | 000,000,000 | ---D | M] -- C:\Windows\winsxs
  1549.  
  1550. [color=#A23BEC]< %windir%\ShellNew\*.* >[/color]
  1551. [2010.07.20 16:17:04 | 000,008,831 | ---- | M] () -- C:\Windows\ShellNew\EXCEL12.XLSX
  1552. [2005.12.13 18:15:36 | 000,059,904 | ---- | M] () -- C:\Windows\ShellNew\MSPUB.PUB
  1553. [2010.04.29 23:19:08 | 000,029,562 | ---- | M] () -- C:\Windows\ShellNew\PWRPNT12.PPTX
  1554.  
  1555. [color=#A23BEC]< %windir%\installer\*. >[/color]
  1556. [2012.03.25 06:40:03 | 000,000,000 | -HSD | M] -- C:\Windows\installer\$PatchCache$
  1557. [2012.09.09 12:17:47 | 000,000,000 | ---D | M] -- C:\Windows\installer\_{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}
  1558. [2012.09.09 12:16:21 | 000,000,000 | ---D | M] -- C:\Windows\installer\_{37EC048A-81A2-452A-8D1F-3BE2018E767D}
  1559. [2012.09.09 12:14:53 | 000,000,000 | ---D | M] -- C:\Windows\installer\_{E2D0B67F-8032-4E11-87C6-C8C721D331B3}
  1560. [2012.06.15 20:15:05 | 000,000,000 | ---D | M] -- C:\Windows\installer\{01FB4998-33C4-4431-85ED-079E3EEFE75D}
  1561. [2014.01.06 20:12:51 | 000,000,000 | ---D | M] -- C:\Windows\installer\{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}
  1562. [2012.03.25 06:43:45 | 000,000,000 | ---D | M] -- C:\Windows\installer\{07FA4960-B038-49EB-891B-9F95930AA544}
  1563. [2014.01.06 18:52:25 | 000,000,000 | ---D | M] -- C:\Windows\installer\{104875A1-D083-4A34-BC4F-3F635B7F8EF7}
  1564. [2013.04.02 16:19:41 | 000,000,000 | ---D | M] -- C:\Windows\installer\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}
  1565. [2014.01.06 21:01:46 | 000,000,000 | ---D | M] -- C:\Windows\installer\{2AF8017B-E503-408F-AACE-8A335452CAD2}
  1566. [2012.09.09 12:18:58 | 000,000,000 | ---D | M] -- C:\Windows\installer\{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}
  1567. [2013.09.02 13:14:07 | 000,000,000 | ---D | M] -- C:\Windows\installer\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}
  1568. [2012.03.25 06:44:14 | 000,000,000 | ---D | M] -- C:\Windows\installer\{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}
  1569. [2012.09.09 12:16:41 | 000,000,000 | ---D | M] -- C:\Windows\installer\{37EC048A-81A2-452A-8D1F-3BE2018E767D}
  1570. [2012.03.25 06:38:36 | 000,000,000 | ---D | M] -- C:\Windows\installer\{40F4FF7A-B214-4453-B973-080B09CED019}
  1571. [2012.06.15 20:18:11 | 000,000,000 | ---D | M] -- C:\Windows\installer\{4169B8AC-D144-4E38-A9CA-637EA44129ED}
  1572. [2012.03.25 06:45:28 | 000,000,000 | ---D | M] -- C:\Windows\installer\{42719DC3-4982-47DD-B025-B21C4BDD504D}
  1573. [2012.03.25 06:44:22 | 000,000,000 | ---D | M] -- C:\Windows\installer\{438363A8-F486-4C37-834C-4955773CB3D3}
  1574. [2014.01.06 20:37:12 | 000,000,000 | ---D | M] -- C:\Windows\installer\{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}
  1575. [2012.03.25 06:23:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{53B17A98-5BF0-40BC-AAFF-850A357975AC}
  1576. [2013.09.02 13:07:38 | 000,000,000 | ---D | M] -- C:\Windows\installer\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}
  1577. [2012.06.15 20:20:06 | 000,000,000 | ---D | M] -- C:\Windows\installer\{5A847522-375C-4D05-BD3D-88C450CC047F}
  1578. [2012.03.25 06:28:18 | 000,000,000 | ---D | M] -- C:\Windows\installer\{5B7C0946-6CBF-4285-8381-34E3CAE4D7A1}
  1579. [2012.03.25 06:39:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{612C34C7-5E90-47D8-9B5C-0F717DD82726}
  1580. [2012.11.05 18:51:06 | 000,000,000 | ---D | M] -- C:\Windows\installer\{675D093B-815D-47FD-AB2C-192EC751E8E2}
  1581. [2012.11.19 22:24:13 | 000,000,000 | ---D | M] -- C:\Windows\installer\{6F340107-F9AA-47C6-B54C-C3A19F11553F}
  1582. [2012.09.05 12:03:22 | 000,000,000 | ---D | M] -- C:\Windows\installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
  1583. [2012.09.05 12:03:27 | 000,000,000 | ---D | M] -- C:\Windows\installer\{774C0434-9948-4DEE-A14E-69CDD316E36C}
  1584. [2012.06.15 20:19:19 | 000,000,000 | ---D | M] -- C:\Windows\installer\{7E799992-5DA0-4A1A-9443-B1836B063FEC}
  1585. [2012.06.15 20:17:23 | 000,000,000 | ---D | M] -- C:\Windows\installer\{7FCB8D5D-9396-4D17-8CFA-349D6D49CD32}
  1586. [2013.09.02 13:14:09 | 000,000,000 | ---D | M] -- C:\Windows\installer\{880B5A98-B242-4B53-BD6F-41EA17495EAD}
  1587. [2012.03.25 06:29:01 | 000,000,000 | ---D | M] -- C:\Windows\installer\{8CE152BA-1D16-11E1-867D-984BE15F174E}
  1588. [2013.12.12 00:26:05 | 000,000,000 | ---D | M] -- C:\Windows\installer\{90140000-0011-0000-0000-0000000FF1CE}
  1589. [2012.08.29 12:38:33 | 000,000,000 | ---D | M] -- C:\Windows\installer\{90140000-002A-0000-1000-0000000FF1CE}
  1590. [2013.09.16 21:52:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{90140000-006D-0409-1000-0000000FF1CE}
  1591. [2013.11.15 10:13:00 | 000,000,000 | ---D | M] -- C:\Windows\installer\{90140000-006E-0427-0000-0000000FF1CE}
  1592. [2012.03.25 06:39:11 | 000,000,000 | ---D | M] -- C:\Windows\installer\{95140000-0070-0000-0000-0000000FF1CE}
  1593. [2012.03.25 06:41:36 | 000,000,000 | ---D | M] -- C:\Windows\installer\{A726AE06-AAA3-43D1-87E3-70F510314F04}
  1594. [2014.01.18 10:00:19 | 000,000,000 | ---D | M] -- C:\Windows\installer\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}
  1595. [2013.11.11 21:33:14 | 000,000,000 | ---D | M] -- C:\Windows\installer\{B6CF2967-C81E-40C0-9815-C05774FEF120}
  1596. [2012.03.25 06:43:56 | 000,000,000 | ---D | M] -- C:\Windows\installer\{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}
  1597. [2012.06.15 20:08:02 | 000,000,000 | ---D | M] -- C:\Windows\installer\{D1B033E8-A077-4B0D-9831-5798E19E861E}
  1598. [2012.03.25 06:44:17 | 000,000,000 | ---D | M] -- C:\Windows\installer\{D6CB77A6-7142-4352-8116-E636A663909D}
  1599. [2012.03.25 06:38:27 | 000,000,000 | ---D | M] -- C:\Windows\installer\{DBCD5E64-7379-4648-9444-8A6558DCB614}
  1600. [2012.03.25 06:41:44 | 000,000,000 | ---D | M] -- C:\Windows\installer\{DECDCB7C-58CC-4865-91AF-627F9798FE48}
  1601. [2012.06.15 20:20:11 | 000,000,000 | ---D | M] -- C:\Windows\installer\{DF2D7B73-3E53-4241-B6B5-64D8344AEF6B}
  1602. [2012.09.09 12:14:57 | 000,000,000 | ---D | M] -- C:\Windows\installer\{E2D0B67F-8032-4E11-87C6-C8C721D331B3}
  1603. [2012.11.14 22:46:20 | 000,000,000 | ---D | M] -- C:\Windows\installer\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
  1604. [2012.03.25 06:41:06 | 000,000,000 | ---D | M] -- C:\Windows\installer\{E5B21F11-6933-4E0B-A25C-7963E3C07D11}
  1605. [2013.09.02 13:12:54 | 000,000,000 | ---D | M] -- C:\Windows\installer\{EBC0CC3F-B7A1-4FC8-8014-4C7BFD3925E8}
  1606. [2012.03.25 06:44:29 | 000,000,000 | ---D | M] -- C:\Windows\installer\{ED1BD69A-07E3-418C-91F1-D856582581BF}
  1607. [2012.11.19 22:23:43 | 000,000,000 | ---D | M] -- C:\Windows\installer\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}
  1608. [2012.08.18 14:18:09 | 000,000,000 | ---D | M] -- C:\Windows\installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}
  1609. [2012.03.25 06:41:20 | 000,000,000 | ---D | M] -- C:\Windows\installer\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
  1610. [2012.09.05 12:03:32 | 000,000,000 | ---D | M] -- C:\Windows\installer\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
  1611. [2012.08.18 13:31:13 | 000,000,000 | ---D | M] -- C:\Windows\installer\{FCD6D60F-AF2B-49E3-ABC4-A4C96B56225D}
  1612.  
  1613. [color=#A23BEC]< %windir%\system32\*. >[/color]
  1614. [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\0409
  1615. [2012.03.25 06:39:20 | 000,000,000 | ---D | M] -- C:\Windows\system32\Adobe
  1616. [2010.11.21 05:31:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\AdvancedInstallers
  1617. [2009.07.14 05:20:16 | 000,000,000 | ---D | M] -- C:\Windows\system32\ar-SA
  1618. [2009.07.14 05:20:16 | 000,000,000 | ---D | M] -- C:\Windows\system32\bg-BG
  1619. [2009.07.14 04:35:36 | 000,000,000 | ---D | M] -- C:\Windows\system32\catroot
  1620. [2009.07.14 04:35:36 | 000,000,000 | ---D | M] -- C:\Windows\system32\catroot2
  1621. [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\com
  1622. [2009.07.14 05:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\config
  1623. [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\cs-CZ
  1624. [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\da-DK
  1625. [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\de-DE
  1626. [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\Dism
  1627. [2013.12.12 11:30:31 | 000,000,000 | ---D | M] -- C:\Windows\system32\drivers
  1628. [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\DriverStore
  1629. [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\el-GR
  1630. [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\en
  1631. [2013.12.12 11:30:39 | 000,000,000 | ---D | M] -- C:\Windows\system32\en-US
  1632. [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\es-ES
  1633. [2009.07.14 05:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\et-EE
  1634. [2013.02.05 10:11:33 | 000,000,000 | ---D | M] -- C:\Windows\system32\Extensions
  1635. [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\fi-FI
  1636. [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\fr-FR
  1637. [2009.07.14 07:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\FxsTmp
  1638. [2009.07.14 04:34:27 | 000,000,000 | ---D | M] -- C:\Windows\system32\GroupPolicy
  1639. [2009.07.14 04:34:27 | 000,000,000 | ---D | M] -- C:\Windows\system32\GroupPolicyUsers
  1640. [2009.07.14 05:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\he-IL
  1641. [2009.07.14 05:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\hr-HR
  1642. [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\hu-HU
  1643. [2009.07.14 05:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\icsxml
  1644. [2009.07.14 05:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\IME
  1645. [2009.07.14 04:36:55 | 000,000,000 | ---D | M] -- C:\Windows\system32\inetsrv
  1646. [2009.07.14 05:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\InstallShield
  1647. [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\it-IT
  1648. [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\ja-JP
  1649. [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\ko-KR
  1650. [2009.07.14 07:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\LogFiles
  1651. [2009.07.14 05:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\lt-LT
  1652. [2009.07.14 05:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\lv-LV
  1653. [2012.03.25 06:23:31 | 000,000,000 | ---D | M] -- C:\Windows\system32\Macromed
  1654. [2010.11.21 05:31:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\manifeststore
  1655. [2013.11.20 08:05:21 | 000,000,000 | ---D | M] -- C:\Windows\system32\migration
  1656. [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\migwiz
  1657. [2009.07.14 05:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\Msdtc
  1658. [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\MUI
  1659. [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\nb-NO
  1660. [2009.07.14 04:34:31 | 000,000,000 | ---D | M] -- C:\Windows\system32\NDF
  1661. [2009.07.14 05:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\NetworkList
  1662. [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\nl-NL
  1663. [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\oobe
  1664. [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\pl-PL
  1665. [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\Printing_Admin_Scripts
  1666. [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\pt-BR
  1667. [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\pt-PT
  1668. [2009.07.14 05:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\ras
  1669. [2009.07.14 05:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\Recovery
  1670. [2009.07.14 07:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\restore
  1671. [2009.07.14 05:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\ro-RO
  1672. [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\ru-RU
  1673. [2012.06.15 20:10:25 | 000,000,000 | ---D | M] -- C:\Windows\system32\sda
  1674. [2013.02.05 10:11:33 | 000,000,000 | ---D | M] -- C:\Windows\system32\searchplugins
  1675. [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\Setup
  1676. [2009.07.14 05:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\sk-SK
  1677. [2009.07.14 05:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\sl-SI
  1678. [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\slmgr
  1679. [2009.07.14 07:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\Speech
  1680. [2009.07.14 05:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\spp
  1681. [2010.11.21 05:31:13 | 000,000,000 | ---D | M] -- C:\Windows\system32\sppui
  1682. [2009.07.14 05:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\sr-Latn-CS
  1683. [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\sv-SE
  1684. [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\sysprep
  1685. [2009.07.14 05:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\Tasks
  1686. [2009.07.14 05:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\th-TH
  1687. [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\tr-TR
  1688. [2009.07.14 05:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\uk-UA
  1689. [2012.09.03 13:41:13 | 000,000,000 | ---D | M] -- C:\Windows\system32\Wat
  1690. [2012.06.15 20:56:29 | 000,000,000 | ---D | M] -- C:\Windows\system32\wbem
  1691. [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\WCN
  1692. [2009.07.14 05:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\wdi
  1693. [2009.07.14 07:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\WindowsPowerShell
  1694. [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\winrm
  1695. [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-CN
  1696. [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-HK
  1697. [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-TW
  1698.  
  1699. [color=#A23BEC]< %windir%\sysnative\*. >[/color]
  1700. [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\0409
  1701. [2010.11.21 05:30:27 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\AdvancedInstallers
  1702. [2009.07.14 05:20:11 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ar-SA
  1703. [2009.07.14 05:20:11 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\bg-BG
  1704. [2012.03.25 05:58:00 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Boot
  1705. [2014.01.15 13:22:53 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\catroot
  1706. [2014.01.20 10:42:08 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\catroot2
  1707. [2013.04.26 14:16:46 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\CodeIntegrity
  1708. [2010.11.21 09:06:49 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\com
  1709. [2014.01.23 19:30:04 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\config
  1710. [2013.02.28 13:35:29 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\cs-CZ
  1711. [2013.02.28 13:35:29 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\da-DK
  1712. [2013.02.28 13:35:29 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\de-DE
  1713. [2010.11.21 09:06:50 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Dism
  1714. [2014.01.23 12:04:26 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\drivers
  1715. [2014.01.16 15:51:26 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\DriverStore
  1716. [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\el-GR
  1717. [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\en
  1718. [2013.12.12 11:30:39 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\en-US
  1719. [2013.02.28 13:35:29 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\es-ES
  1720. [2009.07.14 05:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\et-EE
  1721. [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\fi-FI
  1722. [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\fr-FR
  1723. [2009.07.14 07:09:04 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\FxsTmp
  1724. [2009.07.14 04:34:27 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\GroupPolicy
  1725. [2009.07.14 04:34:27 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\GroupPolicyUsers
  1726. [2009.07.14 05:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\he-IL
  1727. [2009.07.14 05:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\hr-HR
  1728. [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\hu-HU
  1729. [2009.07.14 05:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ias
  1730. [2009.07.14 05:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\icsxml
  1731. [2009.07.14 05:20:11 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\IME
  1732. [2009.07.14 04:36:55 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\inetsrv
  1733. [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\it-IT
  1734. [2013.02.28 13:35:29 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ja-JP
  1735. [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ko-KR
  1736. [2013.11.11 21:14:20 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\log
  1737. [2013.08.29 11:57:54 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\LogFiles
  1738. [2009.07.14 05:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\lt-LT
  1739. [2009.07.14 05:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\lv-LV
  1740. [2012.03.25 06:23:28 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Macromed
  1741. [2010.11.21 05:30:27 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\manifeststore
  1742. [2009.07.14 06:45:42 | 000,000,000 | --SD | M] -- C:\Windows\sysnative\Microsoft
  1743. [2013.11.20 08:05:20 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\migration
  1744. [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\migwiz
  1745. [2009.07.14 05:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Msdtc
  1746. [2010.11.21 09:06:50 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\MUI
  1747. [2013.02.28 13:35:29 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\nb-NO
  1748. [2014.01.10 19:59:54 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\NDF
  1749. [2009.07.14 05:20:11 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\NetworkList
  1750. [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\nl-NL
  1751. [2012.03.25 05:53:23 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\oobe
  1752. [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\pl-PL
  1753. [2010.11.21 09:06:50 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Printing_Admin_Scripts
  1754. [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\pt-BR
  1755. [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\pt-PT
  1756. [2009.07.14 05:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ras
  1757. [2012.08.18 13:31:02 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Recovery
  1758. [2012.08.18 13:45:12 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\restore
  1759. [2009.07.14 05:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ro-RO
  1760. [2013.02.28 13:35:29 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ru-RU
  1761. [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Setup
  1762. [2009.07.14 05:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sk-SK
  1763. [2009.07.14 05:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sl-SI
  1764. [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\slmgr
  1765. [2009.07.14 05:20:13 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\SMI
  1766. [2009.07.14 07:32:38 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Speech
  1767. [2009.07.14 06:53:31 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\spool
  1768. [2009.07.14 05:20:13 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\spp
  1769. [2010.11.21 05:30:26 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sppui
  1770. [2009.07.14 05:20:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sr-Latn-CS
  1771. [2012.06.15 20:03:43 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\SRSLabs
  1772. [2013.02.28 13:35:29 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sv-SE
  1773. [2012.06.15 20:56:52 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sysprep
  1774. [2014.01.23 11:59:48 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Tasks
  1775. [2009.07.14 05:20:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\th-TH
  1776. [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\tr-TR
  1777. [2009.07.14 05:20:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\uk-UA
  1778. [2012.09.03 13:41:13 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Wat
  1779. [2013.04.26 14:22:51 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\wbem
  1780. [2010.11.21 09:06:50 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\WCN
  1781. [2013.08.29 14:17:48 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\wdi
  1782. [2009.07.14 07:09:49 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\wfp
  1783. [2009.07.14 07:32:38 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\WinBioDatabase
  1784. [2009.07.14 07:37:46 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\WinBioPlugIns
  1785. [2009.07.14 07:32:38 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\WindowsPowerShell
  1786. [2009.07.14 05:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\winevt
  1787. [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\winrm
  1788. [2013.04.26 14:22:28 | 000,000,000 | -H-D | M] -- C:\Windows\sysnative\WLANProfiles
  1789. [2013.02.28 13:35:29 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\zh-CN
  1790. [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\zh-HK
  1791. [2013.02.28 13:35:29 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\zh-TW
  1792.  
  1793. [color=#A23BEC]< %Temp%\smtmp\1\*.* >[/color]
  1794.  
  1795. [color=#A23BEC]< %Temp%\smtmp\2\*.* >[/color]
  1796.  
  1797. [color=#A23BEC]< %Temp%\smtmp\3\*.* >[/color]
  1798.  
  1799. [color=#A23BEC]< %Temp%\smtmp\4\*.* >[/color]
  1800.  
  1801. [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
  1802.  
  1803. [color=#A23BEC]< %systemroot%\syswow64\*.dll /lockedfiles >[/color]
  1804.  
  1805. [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
  1806.  
  1807. [color=#A23BEC]< %systemroot%\system32\drivers\*.sys /90 >[/color]
  1808.  
  1809. [color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
  1810.  
  1811. [color=#A23BEC]< %systemroot%\syswow64\drivers\*.sys /90 >[/color]
  1812.  
  1813. [color=#A23BEC]< %systemroot%\syswow64\drivers\*.sys /lockedfiles >[/color]
  1814.  
  1815. [color=#A23BEC]< %SYSTEMDRIVE%\*. /rp /s >[/color]
  1816.  
  1817. [color=#A23BEC]< %systemroot%\assembly\tmp\*.* /S /MD5 >[/color]
  1818.  
  1819. [color=#A23BEC]< %systemroot%\assembly\temp\*.* /S /MD5 >[/color]
  1820.  
  1821. [color=#A23BEC]< %systemroot%\assembly\GAC\*.ini >[/color]
  1822.  
  1823. [color=#A23BEC]< %systemroot%\assembly\GAC_32\*.ini >[/color]
  1824.  
  1825. [color=#A23BEC]< %systemroot%\assembly\GAC_64\*.ini >[/color]
  1826.  
  1827. [color=#A23BEC]< %SystemRoot%\assembly\GAC_MSIL\*.ini >[/color]
  1828.  
  1829. [color=#A23BEC]< wsSystemRoot|l,n,u,@;True;False;True;$,{ /fn >[/color]
  1830.  
  1831. [color=#A23BEC]< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >[/color]
  1832.  
  1833. [color=#A23BEC]< HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s >[/color]
  1834. "" = PSFactoryBuffer
  1835. [HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32]
  1836. "" = %systemroot%\system32\wbem\wbemsvc.dll -- [2009.07.14 03:16:17 | 000,047,616 | ---- | M] (Microsoft Corporation)
  1837. "ThreadingModel" = Both
  1838.  
  1839. [color=#A23BEC]< HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s >[/color]
  1840.  
  1841. [color=#A23BEC]< HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s >[/color]
  1842.  
  1843. [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s >[/color]
  1844.  
  1845. [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s >[/color]
  1846. "" = MruPidlList
  1847. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
  1848. "" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
  1849. "ThreadingModel" = Apartment
  1850.  
  1851. [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} /s >[/color]
  1852. "" = Start Menu Pin
  1853. "ImplementsVerbs" = startpin;startunpin
  1854. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}\InProcServer32]
  1855. "" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
  1856. "ThreadingModel" = Apartment
  1857.  
  1858. [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s >[/color]
  1859. "" = PSFactoryBuffer
  1860. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32]
  1861. "" = %systemroot%\system32\wbem\wbemsvc.dll -- [2009.07.14 03:16:17 | 000,047,616 | ---- | M] (Microsoft Corporation)
  1862. "ThreadingModel" = Both
  1863.  
  1864. [color=#A23BEC]< HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s >[/color]
  1865. "" = Microsoft WBEM _WbemFetchRefresherMgr Proxy Helper
  1866. [HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32]
  1867. "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
  1868. "ThreadingModel" = Free
  1869.  
  1870. [color=#A23BEC]< HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s >[/color]
  1871. "" = ShellFolder for CD Burning
  1872. [HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
  1873. "" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
  1874. "ThreadingModel" = Apartment
  1875. [HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\MergedFolder]
  1876. "Attributes" = 0x0
  1877. "AttributeMask" = 0xffffffff
  1878. "Location" = @shell32.dll,-12591 -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
  1879. "ConflictOverlayIcon" = %SystemRoot%\system32\imageres.dll,-169 -- [2009.07.14 03:06:03 | 020,268,032 | ---- | M] (Microsoft Corporation)
  1880.  
  1881. [color=#A23BEC]< HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s >[/color]
  1882.  
  1883. [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s >[/color]
  1884. "" = Microsoft WBEM _WbemFetchRefresherMgr Proxy Helper
  1885. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32]
  1886. "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
  1887. "ThreadingModel" = Free
  1888.  
  1889. [color=#A23BEC]< HKEY_CLASSES_ROOT\CLSID\{118BEDCC-A901-4203-B4F2-ADCB957D1887} /s >[/color]
  1890.  
  1891. [color=#A23BEC]< HKEY_CLASSES_ROOT\CLSID\{312BED3C-A901-4203-B4F2-ADCB957D1887} /s >[/color]
  1892.  
  1893. [color=#A23BEC]< HKEY_CLASSES_ROOT\CLSID\{F12BE2CC-A901-4203-B4F2-ADCB957D1887} /s >[/color]
  1894.  
  1895. [color=#A23BEC]< HKEY_CLASSES_ROOT\CLSID\{312BFDCE-A901-4203-B4F2-ADCB957D1887} /s >[/color]
  1896.  
  1897. [color=#A23BEC]< HKEY_CLASSES_ROOT\CLSID\{212B3DCC-A901-4203-B4F2-ADCB957D1887} /s >[/color]
  1898.  
  1899. [color=#A23BEC]< HKEY_CLASSES_ROOT\CLSID\{A12BEDCC-A901-4203-B4F2-ADCB957D1887} /s >[/color]
  1900.  
  1901. [color=#A23BEC]< HKEY_CLASSES_ROOT\CLSID\{118BEDCA-A901-4203-B4F2-ADCB957D188F} /s >[/color]
  1902.  
  1903. [color=#A23BEC]< HKEY_CLASSES_ROOT\CLSID\{118BEDCA-A901-4203-B4F2-ADCB957D188B} /s >[/color]
  1904.  
  1905. [color=#A23BEC]< HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers /s >[/color]
  1906. [HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem]
  1907. "" = {217FC9C0-3AEA-1069-A2DB-08002B30309D}
  1908. [HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing]
  1909. "" = {40dd6e20-7c17-11ce-a804-00aa003ca9f6}
  1910.  
  1911. [color=#A23BEC]< HKEY_CURRENT_USER\Software\Classes\Directory\shellex\CopyHookHandlers /s >[/color]
  1912.  
  1913. [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers /s >[/color]
  1914. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\FileSystem]
  1915. "" = {217FC9C0-3AEA-1069-A2DB-08002B30309D}
  1916. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\Sharing]
  1917. "" = {40dd6e20-7c17-11ce-a804-00aa003ca9f6}
  1918.  
  1919. [color=#A23BEC]< HKEY_CURRENT_USER\Software\MSOLoad /s >[/color]
  1920.  
  1921. [color=#A23BEC]< type C:\WINDOWS\system.ini >> test.txt /c >[/color]
  1922. No captured output from command...
  1923.  
  1924. [color=#A23BEC]< bcdedit /enum all /v >C:\boot.txt /c >[/color]
  1925. No captured output from command...
  1926.  
  1927. [color=#A23BEC]< type c:\diskreport.txt /c >[/color]
  1928. No captured output from command...
  1929. No captured output from command...
  1930. No captured output from command...
  1931.  
  1932. [color=#A23BEC]< MD5 for: AFD.SYS  >[/color]
  1933. [2011.12.28 05:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
  1934. [2013.09.14 03:11:05 | 000,496,128 | ---- | M] (Microsoft Corporation) MD5=26EF7E0DF4EDCD898EB7A671529410B8 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.22457_none_366f8b668e482477\afd.sys
  1935. [2013.09.14 03:10:19 | 000,497,152 | ---- | M] (Microsoft Corporation) MD5=314C17917AC8523EC77A710215012A65 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.18264_none_35d81beb75355772\afd.sys
  1936. [2011.12.28 06:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
  1937. [2013.09.28 03:14:56 | 000,496,128 | ---- | M] (Microsoft Corporation) MD5=50AB05903CBEF298D135A943D4432E3C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.22467_none_3664bb7a8e504068\afd.sys
  1938. [2013.09.28 03:09:10 | 000,497,152 | ---- | M] (Microsoft Corporation) MD5=79059559E89D06E8B80CE2944BE20228 -- C:\Windows\SysNative\drivers\afd.sys
  1939. [2013.09.28 03:09:10 | 000,497,152 | ---- | M] (Microsoft Corporation) MD5=79059559E89D06E8B80CE2944BE20228 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.18272_none_35cb4b6b753f40b5\afd.sys
  1940. [2010.11.21 05:24:08 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
  1941. [2012.03.25 05:57:37 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
  1942. [2012.03.25 05:57:37 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
  1943.  
  1944. [color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
  1945. [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
  1946. [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
  1947. [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
  1948. [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
  1949. [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
  1950. [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys
  1951.  
  1952. [color=#A23BEC]< MD5 for: CNGAUDIT.DLL  >[/color]
  1953. [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
  1954. [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
  1955. [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
  1956. [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
  1957.  
  1958. [color=#A23BEC]< MD5 for: CSC.SYS  >[/color]
  1959. [2010.11.21 05:24:41 | 000,514,560 | ---- | M] (Microsoft Corporation) MD5=54DA3DFD29ED9F1619B6F53F3CE55E49 -- C:\Windows\winsxs\amd64_microsoft-windows-offlinefiles-core_31bf3856ad364e35_6.1.7601.17514_none_fc6e4e567286d457\csc.sys
  1960.  
  1961. [color=#A23BEC]< MD5 for: DFSC.SYS  >[/color]
  1962. [2010.11.21 05:24:32 | 000,102,400 | ---- | M] (Microsoft Corporation) MD5=9BB2EF44EAA163B29C4A4587887A0FE4 -- C:\Windows\SysNative\drivers\dfsc.sys
  1963. [2010.11.21 05:24:32 | 000,102,400 | ---- | M] (Microsoft Corporation) MD5=9BB2EF44EAA163B29C4A4587887A0FE4 -- C:\Windows\winsxs\amd64_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7601.17514_none_e5c0334cfcbb6f1f\dfsc.sys
  1964.  
  1965. [color=#A23BEC]< MD5 for: DISK.SYS  >[/color]
  1966. [2009.07.14 03:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\drivers\disk.sys
  1967. [2009.07.14 03:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
  1968. [2009.07.14 03:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys
  1969.  
  1970. [color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
  1971. [2012.03.25 05:59:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
  1972. [2012.03.25 05:59:20 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
  1973. [2012.03.25 05:59:20 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
  1974. [2012.03.25 05:59:20 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
  1975. [2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
  1976. [2012.03.25 05:59:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
  1977. [2012.03.25 05:59:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
  1978. [2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
  1979.  
  1980. [color=#A23BEC]< MD5 for: FASTFAT.SYS  >[/color]
  1981. [2009.07.14 01:23:29 | 000,204,800 | ---- | M] (Microsoft Corporation) MD5=0ADC83218B66A6DB380C330836F3E36D -- C:\Windows\SysNative\drivers\fastfat.sys
  1982. [2009.07.14 01:23:29 | 000,204,800 | ---- | M] (Microsoft Corporation) MD5=0ADC83218B66A6DB380C330836F3E36D -- C:\Windows\winsxs\amd64_microsoft-windows-fat_31bf3856ad364e35_6.1.7600.16385_none_0aa81d2771152f86\fastfat.sys
  1983.  
  1984. [color=#A23BEC]< MD5 for: I8042PRT.SYS  >[/color]
  1985. [2009.07.14 01:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\SysNative\drivers\i8042prt.sys
  1986. [2009.07.14 01:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\SysNative\DriverStore\FileRepository\keyboard.inf_amd64_neutral_0684fdc43059f486\i8042prt.sys
  1987. [2009.07.14 01:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\SysNative\DriverStore\FileRepository\msmouse.inf_amd64_neutral_7a5f47d3150cc0eb\i8042prt.sys
  1988. [2009.07.14 01:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf\i8042prt.sys
  1989. [2009.07.14 01:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\winsxs\amd64_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_aa28fd23ec0c39f9\i8042prt.sys
  1990.  
  1991. [color=#A23BEC]< MD5 for: IASTOR.SYS  >[/color]
  1992. [2012.02.02 02:06:58 | 000,470,808 | ---- | M] (Intel Corporation) MD5=76C3966183BD5382E14CEB6DF97D9709 -- C:\SWSetup\Drivers\RST\Drivers\x32\iaStor.sys
  1993. [2012.02.02 02:06:58 | 000,470,808 | ---- | M] (Intel Corporation) MD5=76C3966183BD5382E14CEB6DF97D9709 -- C:\SWSetup\Drivers\RST\F6\x86\iaStor.sys
  1994. [2012.02.02 02:16:40 | 000,568,600 | ---- | M] (Intel Corporation) MD5=D1753C06EE17E29352B065EACF3F10D0 -- C:\SWSetup\Drivers\RST\Drivers\x64\iaStor.sys
  1995. [2012.02.02 02:16:40 | 000,568,600 | ---- | M] (Intel Corporation) MD5=D1753C06EE17E29352B065EACF3F10D0 -- C:\SWSetup\Drivers\RST\F6\x64\iaStor.sys
  1996. [2012.02.02 02:16:40 | 000,568,600 | ---- | M] (Intel Corporation) MD5=D1753C06EE17E29352B065EACF3F10D0 -- C:\Windows\SysNative\drivers\iaStor.sys
  1997. [2012.02.02 02:16:40 | 000,568,600 | ---- | M] (Intel Corporation) MD5=D1753C06EE17E29352B065EACF3F10D0 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_4b6764daf5ce9174\iaStor.sys
  1998. [2012.02.02 02:16:40 | 000,568,600 | ---- | M] (Intel Corporation) MD5=D1753C06EE17E29352B065EACF3F10D0 -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_4ffa60c18b7e0989\iaStor.sys
  1999.  
  2000. [color=#A23BEC]< MD5 for: KBDCLASS.SYS  >[/color]
  2001. [2009.07.14 03:48:04 | 000,050,768 | ---- | M] (Microsoft Corporation) MD5=BC02336F1CBA7DCC7D1213BB588A68A5 -- C:\Windows\SysNative\drivers\kbdclass.sys
  2002. [2009.07.14 03:48:04 | 000,050,768 | ---- | M] (Microsoft Corporation) MD5=BC02336F1CBA7DCC7D1213BB588A68A5 -- C:\Windows\SysNative\DriverStore\FileRepository\keyboard.inf_amd64_neutral_0684fdc43059f486\kbdclass.sys
  2003. [2009.07.14 03:48:04 | 000,050,768 | ---- | M] (Microsoft Corporation) MD5=BC02336F1CBA7DCC7D1213BB588A68A5 -- C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf\kbdclass.sys
  2004.  
  2005. [color=#A23BEC]< MD5 for: KBDHID.SYS  >[/color]
  2006. [2010.11.21 05:23:47 | 000,033,280 | ---- | M] (Microsoft Corporation) MD5=0705EFF5B42A9DB58548EEC3B26BB484 -- C:\Windows\SysNative\drivers\kbdhid.sys
  2007. [2010.11.21 05:23:47 | 000,033,280 | ---- | M] (Microsoft Corporation) MD5=0705EFF5B42A9DB58548EEC3B26BB484 -- C:\Windows\SysNative\DriverStore\FileRepository\keyboard.inf_amd64_neutral_0684fdc43059f486\kbdhid.sys
  2008. [2010.11.21 05:23:47 | 000,033,280 | ---- | M] (Microsoft Corporation) MD5=0705EFF5B42A9DB58548EEC3B26BB484 -- C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf\kbdhid.sys
  2009.  
  2010. [color=#A23BEC]< MD5 for: LSASS.EXE  >[/color]
  2011. [2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
  2012. [2012.03.25 06:05:40 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0A10B74FBB437FF9A23F1D5DE4446A83 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe
  2013. [2013.09.25 03:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=4D71227301DD8D09097B9E4CC6527E5A -- C:\Windows\SysNative\lsass.exe
  2014. [2013.09.25 03:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=4D71227301DD8D09097B9E4CC6527E5A -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18270_none_042b9307739f26ed\lsass.exe
  2015. [2012.06.04 09:51:10 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=79C908CAA6F43021EB05F4C733A927D1 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_04f609a88c8c279c\lsass.exe
  2016. [2012.03.25 06:05:40 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe
  2017. [2012.03.25 06:05:40 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_044756c773895c5e\lsass.exe
  2018. [2013.09.25 03:08:17 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=F021DAFB1F87616FCEBA159C2ED7042F -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22465_none_04c503168cb026a0\lsass.exe
  2019.  
  2020. [color=#A23BEC]< MD5 for: MOUCLASS.SYS  >[/color]
  2021. [2009.07.14 03:48:27 | 000,049,216 | ---- | M] (Microsoft Corporation) MD5=7D27EA49F3C1F687D357E77A470AEA99 -- C:\Windows\SysNative\drivers\mouclass.sys
  2022. [2009.07.14 03:48:27 | 000,049,216 | ---- | M] (Microsoft Corporation) MD5=7D27EA49F3C1F687D357E77A470AEA99 -- C:\Windows\SysNative\DriverStore\FileRepository\msmouse.inf_amd64_neutral_7a5f47d3150cc0eb\mouclass.sys
  2023. [2009.07.14 03:48:27 | 000,049,216 | ---- | M] (Microsoft Corporation) MD5=7D27EA49F3C1F687D357E77A470AEA99 -- C:\Windows\winsxs\amd64_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_aa28fd23ec0c39f9\mouclass.sys
  2024.  
  2025. [color=#A23BEC]< MD5 for: MOUHID.SYS  >[/color]
  2026. [2009.07.14 02:00:20 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=D3BF052C40B0C4166D9FD86A4288C1E6 -- C:\Windows\SysNative\drivers\mouhid.sys
  2027. [2009.07.14 02:00:20 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=D3BF052C40B0C4166D9FD86A4288C1E6 -- C:\Windows\SysNative\DriverStore\FileRepository\msmouse.inf_amd64_neutral_7a5f47d3150cc0eb\mouhid.sys
  2028. [2009.07.14 02:00:20 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=D3BF052C40B0C4166D9FD86A4288C1E6 -- C:\Windows\winsxs\amd64_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_aa28fd23ec0c39f9\mouhid.sys
  2029.  
  2030. [color=#A23BEC]< MD5 for: NETBT.SYS  >[/color]
  2031. [2010.11.21 05:23:51 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\SysNative\drivers\netbt.sys
  2032. [2010.11.21 05:23:51 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys
  2033.  
  2034. [color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
  2035. [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
  2036. [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
  2037. [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
  2038. [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
  2039.  
  2040. [color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
  2041. [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
  2042. [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
  2043. [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
  2044. [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
  2045.  
  2046. [color=#A23BEC]< MD5 for: SERIAL.SYS  >[/color]
  2047. [2009.07.14 02:00:40 | 000,094,208 | ---- | M] (Microsoft Corporation) MD5=C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 -- C:\Windows\SysNative\drivers\serial.sys
  2048. [2009.07.14 02:00:40 | 000,094,208 | ---- | M] (Microsoft Corporation) MD5=C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 -- C:\Windows\SysNative\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1\serial.sys
  2049. [2009.07.14 02:00:40 | 000,094,208 | ---- | M] (Microsoft Corporation) MD5=C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 -- C:\Windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\serial.sys
  2050.  
  2051. [color=#A23BEC]< MD5 for: SERVICES.EXE  >[/color]
  2052. [2009.07.14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
  2053. [2009.07.14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
  2054.  
  2055. [color=#A23BEC]< MD5 for: SPLDR.SYS  >[/color]
  2056. [2009.07.14 03:45:55 | 000,019,008 | ---- | M] (Microsoft Corporation) MD5=B9E31E5CACDFE584F34F730A677803F9 -- C:\Windows\SysNative\drivers\spldr.sys
  2057. [2009.07.14 03:45:55 | 000,019,008 | ---- | M] (Microsoft Corporation) MD5=B9E31E5CACDFE584F34F730A677803F9 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59\spldr.sys
  2058.  
  2059. [color=#A23BEC]< MD5 for: SVCHOST.EXE  >[/color]
  2060. [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
  2061. [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
  2062. [2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
  2063. [2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
  2064. [2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
  2065.  
  2066. [color=#A23BEC]< MD5 for: TCPIP.SYS  >[/color]
  2067. [2012.10.03 19:56:54 | 001,914,248 | ---- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88\tcpip.sys
  2068. [2012.03.25 06:06:44 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
  2069. [2013.09.08 04:30:37 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\SysNative\drivers\tcpip.sys
  2070. [2013.09.08 04:30:37 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_1118bb977d265d27\tcpip.sys
  2071. [2010.11.21 05:24:08 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
  2072. [2013.09.07 04:27:48 | 001,896,896 | ---- | M] (Microsoft Corporation) MD5=75F9106B74585D38C8FF6BB5CAD262D7 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_11ad2a34963bde27\tcpip.sys
  2073. [2012.08.22 20:06:13 | 001,901,936 | ---- | M] (Microsoft Corporation) MD5=7880A26B7D3B96FDA8EFD9F985036B1D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_117a13de9661c145\tcpip.sys
  2074. [2012.03.30 12:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
  2075. [2012.03.25 05:57:37 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
  2076. [2012.03.25 06:04:15 | 001,914,752 | ---- | M] (Microsoft Corporation) MD5=A0EB71E0DC047C7CC95CD6AB4036296E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_11a276c29643d7ec\tcpip.sys
  2077. [2012.03.30 13:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
  2078. [2013.07.06 07:20:38 | 001,900,992 | ---- | M] (Microsoft Corporation) MD5=B27F13153343BC37A27EAE01634D94E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_1190b9b296509a2f\tcpip.sys
  2079. [2013.01.03 08:00:54 | 001,913,192 | ---- | M] (Microsoft Corporation) MD5=B62A953F2BF3922C8764A29C34A22899 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_112187237d20143a\tcpip.sys
  2080. [2012.03.25 05:57:37 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
  2081. [2013.01.04 07:47:43 | 001,901,416 | ---- | M] (Microsoft Corporation) MD5=B8C1AAC0523E1C33AEB0EF7572144BA2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_11dd678a9616f2c8\tcpip.sys
  2082. [2012.03.25 05:59:26 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=CB6A53EF141CC3DA32DA54F7E75D301B -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21687_none_118505f696597a9d\tcpip.sys
  2083. [2012.10.03 19:44:29 | 001,902,472 | ---- | M] (Microsoft Corporation) MD5=D5707FC2300AA5B04B7BFE86D40C0133 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0\tcpip.sys
  2084. [2013.07.06 08:03:53 | 001,910,208 | ---- | M] (Microsoft Corporation) MD5=DB74544B75566C974815E79A62433F29 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_114dcae97cfeb81b\tcpip.sys
  2085. [2012.03.25 05:59:26 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=DC08410DB2D0CC542DACAC7A90E6CB7A -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17582_none_10f667b97d405c20\tcpip.sys
  2086. [2012.03.25 06:04:15 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=F0E98C00A09FDF791525829A1D14240F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_11327af77d12659c\tcpip.sys
  2087. [2013.11.26 13:34:34 | 001,897,408 | ---- | M] (Microsoft Corporation) MD5=F55B41AA6114568AC558ADBABDA85620 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22525_none_11c3cc3c962abcc3\tcpip.sys
  2088. [2012.08.22 20:12:50 | 001,913,200 | ---- | M] (Microsoft Corporation) MD5=F782CAD3CEDBB3F9FFE3BF2775D92DDC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_113380f37d117668\tcpip.sys
  2089. [2012.03.25 06:06:44 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys
  2090.  
  2091. [color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
  2092. [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
  2093. [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
  2094. [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
  2095. [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
  2096.  
  2097. [color=#A23BEC]< MD5 for: VOLSNAP.SYS  >[/color]
  2098. [2010.11.21 05:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
  2099. [2010.11.21 05:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
  2100. [2012.03.25 05:57:50 | 000,296,320 | ---- | M] (Microsoft Corporation) MD5=879CE6AEA3FE874AD4C500B6B6198EB0 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.21668_none_74344b472bf715e9\volsnap.sys
  2101. [2012.03.25 05:57:50 | 000,296,320 | ---- | M] (Microsoft Corporation) MD5=DF8126BD41180351A093A3AD2FC8903B -- C:\Windows\SysNative\drivers\volsnap.sys
  2102. [2012.03.25 05:57:50 | 000,296,320 | ---- | M] (Microsoft Corporation) MD5=DF8126BD41180351A093A3AD2FC8903B -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_e7c4cd5b40e03494\volsnap.sys
  2103. [2012.03.25 05:57:50 | 000,296,320 | ---- | M] (Microsoft Corporation) MD5=DF8126BD41180351A093A3AD2FC8903B -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17567_none_73a9ae3212da5cc8\volsnap.sys
  2104.  
  2105. [color=#A23BEC]< MD5 for: WININIT.EXE  >[/color]
  2106. [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
  2107. [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
  2108. [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
  2109. [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
  2110.  
  2111. [color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
  2112. [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
  2113. [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
  2114. [2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
  2115.  
  2116. [color=#E56717]========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========[/color]
  2117. [C:\Documents and Settings] -> C:\Users -> Junction
  2118. [C:\ProgramData\Application Data] -> C:\ProgramData -> Junction
  2119. [C:\ProgramData\Desktop] -> C:\Users\Public\Desktop -> Junction
  2120. [C:\ProgramData\Documents] -> C:\Users\Public\Documents -> Junction
  2121. [C:\ProgramData\Favorites] -> C:\Users\Public\Favorites -> Junction
  2122. [C:\ProgramData\Start Menu] -> C:\ProgramData\Microsoft\Windows\Start Menu -> Junction
  2123. [C:\ProgramData\Templates] -> C:\ProgramData\Microsoft\Windows\Templates -> Junction
  2124. [C:\Users\All Users\Application Data] -> C:\ProgramData -> Junction
  2125. [C:\Users\All Users\Desktop] -> C:\Users\Public\Desktop -> Junction
  2126. [C:\Users\All Users\Documents] -> C:\Users\Public\Documents -> Junction
  2127. [C:\Users\All Users\Favorites] -> C:\Users\Public\Favorites -> Junction
  2128. [C:\Users\All Users\Start Menu] -> C:\ProgramData\Microsoft\Windows\Start Menu -> Junction
  2129. [C:\Users\All Users\Templates] -> C:\ProgramData\Microsoft\Windows\Templates -> Junction
  2130. [C:\Users\All Users] ->  -> Unknown point type
  2131. [C:\Users\Default User] -> C:\Users\Default -> Junction
  2132. [C:\Users\Default\AppData\Local\Application Data] -> C:\Users\Default\AppData\Local -> Junction
  2133. [C:\Users\Default\AppData\Local\History] -> C:\Users\Default\AppData\Local\Microsoft\Windows\History -> Junction
  2134. [C:\Users\Default\AppData\Local\Temporary Internet Files] -> C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
  2135. [C:\Users\Default\Application Data] -> C:\Users\Default\AppData\Roaming -> Junction
  2136. [C:\Users\Default\Cookies] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
  2137. [C:\Users\Default\Documents\My Music] -> C:\Users\Default\Music -> Junction
  2138. [C:\Users\Default\Documents\My Pictures] -> C:\Users\Default\Pictures -> Junction
  2139. [C:\Users\Default\Documents\My Videos] -> C:\Users\Default\Videos -> Junction
  2140. [C:\Users\Default\Local Settings] -> C:\Users\Default\AppData\Local -> Junction
  2141. [C:\Users\Default\My Documents] -> C:\Users\Default\Documents -> Junction
  2142. [C:\Users\Default\NetHood] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
  2143. [C:\Users\Default\PrintHood] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
  2144. [C:\Users\Default\Recent] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent -> Junction
  2145. [C:\Users\Default\SendTo] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
  2146. [C:\Users\Default\Start Menu] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
  2147. [C:\Users\Default\Templates] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates -> Junction
  2148. [C:\Users\Public\Documents\My Music] -> C:\Users\Public\Music -> Junction
  2149. [C:\Users\Public\Documents\My Pictures] -> C:\Users\Public\Pictures -> Junction
  2150. [C:\Users\Public\Documents\My Videos] -> C:\Users\Public\Videos -> Junction
  2151. [C:\Users\Rugilė\AppData\Local\Application Data] -> C:\Users\Rugilė\AppData\Local -> Junction
  2152. [C:\Users\Rugilė\AppData\Local\History] -> C:\Users\Rugilė\AppData\Local\Microsoft\Windows\History -> Junction
  2153. [C:\Users\Rugilė\AppData\Local\Temporary Internet Files] -> C:\Users\Rugilė\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
  2154. [C:\Users\Rugilė\Application Data] -> C:\Users\Rugilė\AppData\Roaming -> Junction
  2155. [C:\Users\Rugilė\Cookies] -> C:\Users\Rugilė\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
  2156. [C:\Users\Rugilė\Documents\My Music] -> C:\Users\Rugilė\Music -> Junction
  2157. [C:\Users\Rugilė\Documents\My Pictures] -> C:\Users\Rugilė\Pictures -> Junction
  2158. [C:\Users\Rugilė\Documents\My Videos] -> C:\Users\Rugilė\Videos -> Junction
  2159. [C:\Users\Rugilė\Local Settings] -> C:\Users\Rugilė\AppData\Local -> Junction
  2160. [C:\Users\Rugilė\My Documents] -> C:\Users\Rugilė\Documents -> Junction
  2161. [C:\Users\Rugilė\NetHood] -> C:\Users\Rugilė\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
  2162. [C:\Users\Rugilė\PrintHood] -> C:\Users\Rugilė\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
  2163. [C:\Users\Rugilė\Recent] -> C:\Users\Rugilė\AppData\Roaming\Microsoft\Windows\Recent -> Junction
  2164. [C:\Users\Rugilė\SendTo] -> C:\Users\Rugilė\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
  2165. [C:\Users\Rugilė\Start Menu] -> C:\Users\Rugilė\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
  2166. [C:\Users\Rugilė\Templates] -> C:\Users\Rugilė\AppData\Roaming\Microsoft\Windows\Templates -> Junction
  2167.  
  2168. < End of report >